payram-headless-setup

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Most links are to legitimate blockchain endpoints, GitHub repos, and localhost, but the inclusion of a raw shell script (raw.githubusercontent.com) plus explicit curl/chmod/execute instructions and repository-distributed install scripts creates a clear, potentially exploitable vector for malware if the source is untrusted.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Flagged because the skill explicitly downloads and executes a public script via curl from https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh and interacts with public blockchain RPC endpoints and faucet sites (e.g., publicnode/alchemy RPC URLs and sepoliafaucet.com) whose responses the agent polls/reads during deployment, exposing it to untrusted third‑party content that could carry indirect instruction injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a headless payment infrastructure: it exposes API-driven payment operations (create-payment-link), wallet management (create/link BTC wallet, generate BIP39 mnemonic, derive xpub), smart contract wallet (SCW) deployment (deploy-scw, deploy-scw-flow), blockchain setup (setup-eth/setup-base), funding/deployer addresses and polling for balances, fund sweeping to a fund-collector, and integration for agent-driven payments/treasury automation. Those capabilities are specific financial execution features (crypto wallet creation, signing/deployment flows, and payment link generation/processing), not generic tooling. Therefore it provides direct ability to move/manage funds.