0xwork

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and consumes user-posted task descriptions from the public 0xWork marketplace (e.g., via 0xwork discover and 0xwork task hitting https://api.0xwork.org) and its execution guide also directs using web_search/web_fetch for Research/Data tasks, so untrusted third-party content is read and used to drive decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs and installs a remote CLI package at runtime using commands like npx @0xwork/sdk and npm install -g @0xwork/sdk, which fetches and executes external code from the npm package URL (https://npmjs.com/package/@0xwork/sdk) and is required for core functionality.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built to perform on-chain financial actions: it creates and stores a PRIVATE_KEY wallet, auto-funds that wallet via a faucet, registers on-chain (approves token spend and stakes $AXOBOTL), allows claiming tasks (staking tokens) and submitting work which records proofs on-chain and triggers USDC bounty release. These are direct crypto/wallet/blockchain payment operations (signing transactions, staking, receiving USDC), not generic tooling. Therefore it grants direct financial execution authority.