pg-jobs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes user-posted job listings and submissions from the public ProxyGate job marketplace (see SKILL.md "Browse available jobs" and commands like proxygate jobs get <job-id> and the SDK client.jobs.list / client.jobs.get), so untrusted, user-generated job descriptions/URLs could contain instructions that influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly manages escrow-backed USDC rewards and provides direct programmatic actions that move funds: creating a job locks USDC in escrow (jobs.create with reward_usdc), accepting a submission releases escrow to the solver (jobs.accept), and canceling a job refunds escrow (jobs.cancel). These are specific financial operations (crypto/stablecoin escrow flow) rather than generic tooling, so it grants direct financial execution capability.