spawn-incubator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Step 2 and Step 3) asks applicants to host their proposal JSON on public locations (IPFS, GitHub, "any URL") and submit an ideaURI/ideaHash, and the API offers GET /api/applications/:id ("Full details for an application"), which shows the agent is expected to fetch and interpret arbitrary, user-hosted content that can materially influence funding/contract actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly defines on-chain payment flows and contract interactions: it requires sending an entry fee via msg.value when calling applyToIncubator, describes milestone fund disbursements to applicant wallets, a RevenueRouter that automatically splits on-chain payments (80/20), and provides contract addresses, network (Base L2) and API endpoints to query routers and treasury balances. These are concrete crypto/blockchain payment and wallet operations (sending transactions/funds and managing on-chain revenue), so it grants direct financial execution capability.