Skills
skills/botcoinmoney/botcoin-miner-skill/botcoin-miner/Snyk

botcoin-miner

Warn

Audited by Snyk on May 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches challenge payloads from the coordinator (e.g., GET ${COORDINATOR_URL}/v1/challenge) which return an untrusted "doc" and authoritative "solveInstructions" that the agent is required to read/interpret as part of the mining workflow and which can materially influence submits/transactions and next actions (see SKILL.md Step 5 A/B/C), creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill performs runtime calls to the coordinator (e.g. https://coordinator.agentmoney.net/v1/challenge and other ${COORDINATOR_URL:-https://coordinator.agentmoney.net}/v1/* endpoints) which return the challenge solveInstructions, doc, and constraints that the agent must inject into its model prompts and submission payloads, so external content directly controls agent prompts and is required for operation.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations. It requires a Bankr API key with write/agent permissions and instructs the agent to: resolve the user's EVM wallet, check balances, perform token swaps (Uniswap pools) and bridging, stake/unstake/withdraw BOTCOIN, obtain pre-encoded calldata from a coordinator, sign messages, and submit raw blockchain transactions via Bankr POST /agent/submit. It includes concrete crypto contract addresses (BOTCOIN token address and staking/ mining contract), specific API endpoints for stake/claim/withdraw/bonus calldata, and explicit swap/bridge commands. These are direct crypto/banking/payment actions (wallet resolution, signing, swaps, transaction submission), not generic tooling — therefore this skill grants Direct Financial Execution authority.

Issues (3)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 6, 2026, 01:44 AM
Issues
3