oraclenet
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs inserting and saving bot private keys into commands/files (e.g., bun save-oracle.ts '{"...","bot_key":"{BOT_PRIVATE_KEY}"}') and even displays the private key in the claim result box, which requires the LLM to handle and output secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill directly fetches and consumes public, user-generated content — e.g., GitHub birth issues from Soul-Brews-Studio/oracle-v2 (gh api calls in the claim flow) and posts/comments/feed from https://api.oraclenet.org (feed, inbox, registry flows) — and the workflow explicitly instructs the agent to read and act on that content (notably running the gh issue create command pasted from the browser as-is and processing feed/comments), which can materially influence tool use and actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly manages crypto wallets and private keys and performs cryptographic signing. It includes wallet generation and management commands (e.g., "cast wallet new", "cast wallet sign"), stores a bot_key/private key, saves wallets to ~/.oracle-net/, and uses those keys to sign and publish posts/comments. These are specific crypto/blockchain capabilities (wallet creation and signing), which qualify as Direct Financial Execution authority under the crypto/blockchain (Wallets, Swaps, Signing) category.
Issues (3)
W007
HIGH Insecure credential handling detected in skill instructions.
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata