litcoin-miner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples and usage repeatedly show API keys (bankr_key, ai_key) embedded as literal string arguments in code/commands, which would require the LLM to include secret values verbatim if it generates similar outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third-party content (e.g., mining challenges via GET /v1/challenge and research tasks via GET /v1/research/tasks which are sourced from public sites like Codeforces, Project Euler, Rosalind, HuggingFace, etc.) and the agent is expected to read and act on that content (generate and submit code, run experiments, or follow challenge instructions), so untrusted content can materially influence tool use and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto/DeFi SDK: it requires a Bankr API key with agent write access and ETH for gas, targets Base mainnet, and exposes on-chain financial operations. The documented functions perform transactions (agent.faucet(), agent.claim(), agent.stake()/unstake()/early_unstake(confirm=True), open_vault()/open_vault_v2(), mint_litcredit(), repay_debt(), add_collateral(), close_vault(), deposit_escrow(), join_guild(guild_id, amount), etc.). These are specific crypto/blockchain financial actions (wallet/debt/stake/mint/escrow) — not generic tooling — so it grants direct financial execution capability.