synctx-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to construct CLI calls that include authentication signatures/credentials as literal arguments (e.g., --signature 0x..., recover-token flows), which forces the LLM to output sensitive auth material verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires reading contract-provided text (instruction(), description(), and verifier instance descriptions) and resolving embedded ipfs: and https:// reference links (see SKILL.md §1 and §5), which causes the agent to fetch and act on untrusted third-party content that can materially change command parameters and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires resolving external reference links at runtime (e.g., ipfs:{cid} and arbitrary https://... links per §5) which are described as "load-bearing" instructions that must be fetched and followed (and the SKILL.md also directs running "npx skills add synctxai/synctx/core-skills/synctx-cli" when an update is detected, which fetches and executes remote code), so external content can directly control agent prompts or execute code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly orchestrates on-chain financial operations. It requires reading contract instruction() and then performing wallet-backed on-chain writes such as token approvals, createDeal / accept calls, requestVerification / request-sign, and other transactions (send returning txHash). It references wallets, signing nonces, tx hashes, chain IDs, and instructs automated execution of approvals and on-chain calls (pre-authorized writes) without user confirmation. These are specific crypto/blockchain transaction capabilities (wallet signing and sending transactions), so this is direct financial execution authority.