payram-agent-onboarding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required setup explicitly downloads and executes an installer from a public GitHub raw URL (https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh) and also relies on public RPC/faucet endpoints (e.g., eth-sepolia.g.alchemy.com, sepoliafaucet.com) to poll balances and trigger deployments, which are untrusted third‑party sources whose content can directly change what the agent executes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Flagging https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh because the skill explicitly instructs fetching that raw shell script at runtime via curl and then running ./setup_payram_agents.sh, so remote code is fetched and executed as a required installation step.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly and primarily a payment infrastructure tool. It provisions and automates crypto payment functionality (smart contract wallet deployment, BTC/ETH/Base payment setup, mnemonic generation, deployer addresses, balance polling, fund sweeps), creates payment links, and integrates agents via API keys/webhooks for autonomous payment processing and treasury management. Those are concrete, specific capabilities to manage wallets, deploy contracts, accept/fund transfers and generate payment transactions — not generic automation. Therefore it provides direct financial execution authority (crypto/payments).