The Agent Skills Directory

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 0.80). The prompt instructs copying/pasting generated API keys into agent settings and shows example commands (curl, JSON config) that would be executed with the exact API key value, which would require the LLM/agent to handle and potentially emit secret values verbatim.

CRITICAL E005: Suspicious download URL detected in skill instructions.

Suspicious download URL detected (high risk: 0.85). These URLs include direct links to raw shell scripts (curl|bash), GitHub repos from a not-widely-known project, and executable-install instructions — a high-risk pattern for arbitrary code execution and supply-chain/malware distribution unless the sources are independently verified.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and executing remote scripts from public GitHub URLs (e.g., the Agent Onboarding curl command to https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh and the quick-install curl of https://github.com/PayRam/payram-server/main/install.sh), which causes the agent/operator to ingest and act on untrusted, user-hosted third‑party content that can materially change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 1.00). The skill includes runtime commands that fetch and execute remote install scripts (e.g., /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh)", curl -fsSL https://raw.githubusercontent.com/PayRam/payram-server/main/install.sh | bash) and clones remote code (https://github.com/PayRam/payram-server.git), which are required for setup and therefore execute remote code at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Direct money access detected (high risk: 1.00). The skill is explicitly a crypto payment gateway deployment and onboarding guide. It includes concrete, finance-specific features: wallet configuration (hot/cold wallets), deploying sweep contracts, auto-sweeping rules, funding hot wallets, API key generation, a documented payment API (curl example to create a payment), and explicit "send payouts" and agent-only onboarding that enables programmatic payments. These are specific tools and APIs to accept, move, and sweep cryptocurrency funds (not generic tooling), so it grants Direct Financial Execution capability.

MEDIUM W013: Attempt to modify system services in skill instructions.

Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs running remote install scripts and configuring system services (Docker, PostgreSQL, opening ports, SSL, deploying services), which will modify system state and almost certainly require elevated/sudo privileges on the host.

payram-setup