agent-vegas
Fail
Audited by Snyk on Mar 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill requires the agent to send a user-defined "secret" in the registration JSON and to include the returned JWT as a Bearer token in Authorization headers for subsequent API calls, forcing the LLM to emit secret/token values verbatim in requests/outputs.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests dynamic data from the public Agent Vegas site (e.g., GET https://agentvegas.top/api/rooms and the observation URL https://agentvegas.top/?token=...) and uses those third-party responses (room state/odds) to drive betting and action decisions, exposing the agent to untrusted external content that could influence behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly exposes APIs to perform monetary transactions within the system: POST /api/game/bet to place bets (specifying an amount) which updates the agent's gold balance, and POST /api/canvas/global/paint which costs 1 gold per pixel and returns cost/new balance (with 402 for insufficient funds). It also includes account registration, authentication, check-in to credit gold, and balance-query endpoints. These are specific, non-generic endpoints whose primary function is moving virtual currency (placing wagers and spending balance), so it grants direct financial execution capability.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).