Skills
skills/bmzennn/agent-skills/veilpay/Snyk

veilpay

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill fetches and acts on public third-party content: e.g., premium.cjs GETs https://veilpayments.xyz/api/premium/ and consumes the returned invoice JSON to drive pay-invoice.cjs (performing payments), and create-link/claim-link download manifest and ZK assets from the CDN (https://d3j9fjdkre529f.cloudfront.net) and query veilpayments.xyz/api/overage-wallet — all external, untrusted responses that the agent parses and that materially change actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill downloads ZK circuit artifacts at runtime from https://d3j9fjdkre529f.cloudfront.net (manifest.json and .wasm/.zkey files), which are fetched, saved, and the .wasm/.zkey artifacts are executed locally by the prover — a required runtime dependency that causes remote code/binary execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency payments and wallet operations on Solana. It includes concrete, named functions and scripts to create an agent wallet, "Perform Shielded x402 Payment" (deposit into the Umbra shielded pool), "Create Private Payment Link" (generate payment URLs), "Claim Private Payment Link" (claim funds into the agent's wallet), and "Withdraw Encrypted Balance" (move funds from shielded vault to public wallet). It lists supported tokens (SOL, USDC, USDT, UMBRA, CASH), mandates mainnet use, details payment authorization headers, and enforces payment caching and retry policies — all indicating direct on-chain transaction execution and fund movement. This is not a generic API/clicker or a sandbox: it directly sends and receives money via blockchain wallets and shielded pool operations. Therefore it meets the "Direct Financial Execution" criteria.

Issues (3)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 09:12 PM
Issues
3