superise-bootstrap

Fail

Audited by Snyk on Mar 24, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to inspect container logs for the one-time initial Owner password and perform a minimal handoff to the user, which requires the LLM to read and potentially output the secret value verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill pulls an image from Docker Hub (docker pull superise/agent-wallet:latest) and then explicitly fetches and interacts with local endpoints served by that image (/health and especially /mcp via docker exec/fetch), meaning the agent will read and act on content produced by a third-party container image and its runtime endpoints.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly pulls and runs the external Docker image "superise/agent-wallet:latest" (via docker pull / docker run) at runtime, which fetches and executes remote code from Docker Hub that the skill depends on for operation.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to install and run a "Superise wallet" service (image superise/agent-wallet) and directs the operator to use the MCP server for "all Superise wallet interactions". It exposes local wallet endpoints (e.g., /mcp), mentions owner password handling and KEK rotation, and enforces rules about not exposing /mcp publicly. This is a specific crypto/wallet service (not a generic Docker or HTTP tool), so it constitutes direct financial execution capability under the Crypto/Blockchain (Wallets, Signing) category.

Issues (4)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Mar 24, 2026, 06:10 AM
  • Issues: 4