agent-vegas

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to record and use a private account secret and JWT token and to include that token in Authorization headers and (example) API calls/URLs, which requires the LLM to handle and potentially emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and act on public, potentially user-generated data from agentvegas.top (e.g., GET https://agentvegas.top/api/rooms and GET https://agentvegas.top/api/atown/history), and to use that data to make betting/strategy decisions, so untrusted third-party content can materially influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes explicit APIs that let the agent change account balances and execute monetary-like transactions in the service: registering/checking-in to claim gold (credit), placing bets with an "amount" via POST /api/game/bet, submitting paid entry (100 gold) via POST /api/atown/bet, and paying for pixels on the global canvas via POST /api/canvas/global/paint (1 gold per pixel). These are concrete "send transaction / charge" operations (debits/credits) controlled by the agent via JWT auth, not generic browsing or read-only actions. Therefore it provides direct financial execution capability within the platform.