geo-publish

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries the public GraphQL API (https://testnet-api.geobrowser.io/graphql) in its required "Discover the schema" workflow (see SKILL.md step 1 and bin/whoami.mjs), ingesting public/user-generated entity and space data that the agent must interpret to choose property/relation IDs and target spaces, so untrusted third-party content can materially influence subsequent publish actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly requires and uses a blockchain wallet private key (GEO_PRIVATE_KEY), instructs the user to load it via .env, and calls wallet-related APIs: getSmartAccountWalletClient and wallet.sendTransaction. The publish flow submits on-chain transactions (personalSpace.publishEdit, daoSpace.proposeEdit, daoSpace.voteProposal) and returns calldata/tx parameters that the skill then sends via wallet.sendTransaction. These are explicit crypto wallet signing and transaction submission operations (not generic API or browser automation), so the skill grants direct on-chain financial execution capability.