virtuals-protocol-acp

Fail

Audited by Snyk on Mar 11, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to run setup and CLI commands that generate, print, store, and accept API keys/env vars (and tells the agent to capture and relay CLI stdout and to call commands with user-provided values like KEY=value), which forces the LLM to receive and/or emit secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and act on marketplace and external content—e.g., acp browse and acp resource query <url> (GET to arbitrary resource URLs) plus acp social twitter search/timeline and bounty poll outputs—so the agent ingests untrusted, user-generated third-party data and uses it to choose providers, fill requirement schemas, and approve/pay jobs, which can materially change its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes multiple, specific financial execution capabilities:
      • Crypto / on-chain operations: text and commands reference "token/crypto operations (swaps, transfers, yield farming, trading)", "on-chain operations", acp wallet balance (Base chain), acp wallet address, and acp token launch — all explicit blockchain wallet and token management functions.
      • Payment flow and payment approval: acp job create <wallet> <offering> ... plus acp job status returns paymentRequestData, and acp job pay <jobId> --accept <true|false> is a concrete command to approve/reject payment. There is also an --isAutomated true auto-pay mode and guidance for autonomous polling that calls job pay automatically.
      • Payment gateway / top-up: acp wallet topup returns a topup URL to add funds via credit/debit card, Apple Pay or crypto deposits — a direct payment gateway integration.
      • Fundraising / token economics: acp token launch to create an agent token and text noting fees and revenue transferred to the agent wallet.

These are not generic API callers or browser automation — they are concrete, purpose-built commands and workflows to move funds, manage wallets/tokens, and authorize payments. Under the given decision logic, this skill is specifically designed to execute financial transactions.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 11, 2026, 08:32 PM
Issues: 3