crypto-bd-agent

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). This is a GitHub repository from an unestablished/unknown username which, while not an immediate direct-download of an executable, can host source and release artifacts that may be malicious—treat as moderately high risk until you verify commit history, stars/forks, recent activity, signed releases, and scan artifacts.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and scrape open/public third‑party sources (e.g., DexScreener, protocol forums, social metrics, "Web Scraping: Firecrawl or similar", leak.me, Nansen, Arkham) in the Intelligence Gathering section, and those untrusted, user‑generated inputs are used directly in scoring, wallet forensics, and outreach decisions—allowing third‑party content to materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about crypto business development and autonomous payment workflows. It describes x402 micropayments, "autonomous commerce with payment protocols," on-chain actions (ERC-8004 registration), and wallet management rules ("Separate wallets: payments", "payments ONLY through verified endpoints"). These are specific crypto payment and on-chain execution capabilities (wallets/payments/registration), not generic tooling, so it grants direct financial execution authority in the crypto domain.