agenticbets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches live market data from the public Markets API at https://agenticbets.dev/api/bankr/markets (see SKILL.md and fetch_markets() in scripts/agenticbets.py), and that untrusted third-party JSON is read and used to determine token addresses, predictionContract routing, and whether/when to place or claim transactions—so a malicious API response could materially change agent behavior and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain financial operations. It is built to place USDC bets and claim winnings via the Bankr Wallet Submit API (includes the exact POST endpoint, request body, headers, and sample payload), requires a Bankr API key with write/wallet access, and specifies ERC20.approve and contract bet()/claim() calls (with calldata selectors and contract addresses). Those are explicit "send transaction" actions that move funds on-chain rather than generic tooling, so this skill grants direct financial execution authority.