afterself

Fail

Audited by Snyk on Mar 21, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows and instructs use of inline secret values (e.g., AFTERSELF_VAULT_PASSWORD= node ...) and asks the agent to request/store a vault password and keypair info, which encourages the LLM to accept and embed secret values verbatim in commands—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Executor explicitly performs browser_automation for close_account and social_post actions (SKILL.md Executor and references/action-schema.md) by opening arbitrary public URLs and "follow[ing] instructions", and also ingests replies from external contacts during escalation—both of which clearly involve reading untrusted, user-generated or public web content that can influence subsequent tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes crypto/blockchain wallet and transfer functionality. It provides commands to create a Solana wallet, check balances, validate keypairs/RPC/mint, and an automatic transfer-to-pool operation that runs on trigger ("transfer-to-pool", mortality.js transfer-to-pool). The Executor and Mortality Pool sections state that transfers occur automatically (mandatory when mortalityPool.enabled) and that audit transaction signatures are logged. These are specific, dedicated blockchain/wallet actions (not generic API callers or browser automation), so the skill grants direct financial execution authority.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  Risk Level: HIGH
  Analyzed: Mar 21, 2026, 07:14 PM
  Issues: 3