ad-consumer

Fail

Audited by Snyk on Mar 21, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs embedding sensitive values (e.g., STATIC_SIGNATURE and VIEWER_ADDRESS) inline in shell commands (e.g., VIEWER_ADDRESS= STATIC_SIGNATURE= bun run ...), which requires the agent to output secret values verbatim and thus risks exfiltration.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 1.00). The skill links directly to an install shell script on an unverified domain (tempo.im) and explicitly instructs users to run curl ... | sh. Piping a remote script into a shell can execute arbitrary code and is a common malware distribution pattern unless the source is trusted and the script inspected.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's runtime ad flow clearly fetches arbitrary markdown from the public AgentAds endpoint (see scripts/serve_ad.js contacting https://agent-ads.yashatreya-ya.workers.dev and the SKILL.md "Display the Ad" step which prints the raw markdown), causing the agent to read and present untrusted third‑party content that could contain instructions influencing behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime requests to https://agent-ads.yashatreya-ya.workers.dev which returns markdown that is saved and directly displayed to users (i.e., remotely-controlled content injected into the agent/user prompt flow), and its setup also suggests executing remote code via curl -sSL https://tempo.im/install.sh | sh to install the required Tempo CLI.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to move crypto money. It pays users "$0.10 USDC per ad viewed", requires a Tempo wallet login, reads the spending key/static_signature from tempo wallet whoami, and uses scripts that sign per-view messages and call POST /viewed. It includes explicit payout functionality: check_balance.js (balance/withdrawn reporting) and withdraw.js which uses VIEWER_ADDRESS and STATIC_SIGNATURE and returns a transaction hash. These are specific crypto wallet/payment operations (signing, posting views, and initiating withdrawals), not generic tooling. Therefore it grants direct financial execution authority.

Issues (5)

HIGH W007: Insecure credential handling detected in skill instructions.
CRITICAL E005: Suspicious download URL detected in skill instructions.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 21, 2026, 12:59 AM
Issues: 5