get-agent-identity

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent/operator to fetch and interpret on-chain ERC-8004 identity, trust scores, and KYA credentials via npx agnic agent-identity (reading the Identity Registry / Reputation contracts listed and referencing the AgnicPay dashboard), which are public, third‑party on‑chain data that can influence trust/authorization decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running remote code at runtime via "npx agnic@latest" (which fetches/executes the 'agnic' package from the npm registry, e.g. https://registry.npmjs.org/agnic), so this external dependency can execute remote code and is relied on by the skill.