nara

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Quest Agent Workflow explicitly runs "npx naracli quest get --json" to fetch on-chain/public quest questions (user-generated/open content) which the agent is instructed to read, interpret, and then decide staking/submission actions, so external untrusted content can materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running npx naracli which fetches and executes the naracli package from the npm registry (see https://www.npmjs.com/package/naracli), so external code is downloaded and executed at runtime as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a blockchain/crypto CLI agent that manages wallets and on‑chain tokens and can create/import wallets, sign transactions, perform token transfers, stake/unstake, deposit/withdraw, and submit on‑chain quest transactions. It documents concrete commands (e.g., npx naracli wallet create, token-balance, quest answer with --stake auto, agent register, transfer) and describes spending NARA for purchases and marketplace payments. Those are specific crypto/financial operations (wallets, signing, transfers, staking, spending tokens), so it grants direct financial execution capability despite requiring user confirmation for some actions.