monskill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The repo's skills explicitly direct the agent to fetch and parse public third‑party content as part of normal workflow (e.g., wallet/SKILL.md uses curl against https://api.safe.global/... to list Safes and propose transactions, addresses/SKILL.md points agents to the public GitHub protocols repo, and vercel-deploy/SKILL.md/ deploy scripts call external endpoints), and those external responses are consumed and used to make on‑chain/tooling decisions — satisfying the conditions for indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The vercel-deploy skill instructs a runtime curl to fetch and run remote shell code (curl -sO https://skills.devnads.com/vercel-deploy/deploy.sh && chmod +x deploy.sh), which downloads executable script content that is meant to be executed and is required for the deploy flow, creating a high-risk remote-code-execution dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill set explicitly includes a "Wallet" subskill that provides agent wallet management, Safe multisig creation, deployment of smart contracts, performing on-chain actions, and proposing transactions to a Safe Transaction Service using EIP-712 signatures. Those capabilities are specific to crypto/blockchain financial operations (wallet management, signing and sending transactions), i.e., they enable moving funds or initiating financial transactions on-chain.