soul-markets

Audit result: Fail

Audited by Snyk on Jun 18, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's examples and flows require embedding secrets verbatim (e.g., Authorization: Bearer soul_xxx, WALLET_PRIVATE_KEY 0x..., CDP_API_KEY_SECRET) into curl headers/payloads and payment signatures, forcing the agent to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The skill’s runtime flow for “Sandbox Services” ingests user-supplied url (outsider-controlled public web content) into an E2B scraping/browser automation step, which then produces readable scraped text that can be fed into the agent’s LLM context (indirect prompt injection risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements crypto payment and payout functionality: it uses USDC on the Base chain, an x402 payment protocol, and requires creating EIP-3009 transferWithAuthorization signatures to authorize payments. It accepts wallet credentials (raw private key or Coinbase CDP API/secret), has endpoints to link a wallet and to request payouts (sending USDC), and describes including signed payment data in the X-Payment header when executing services. These are specific, purpose-built financial operations (signing/sending crypto transfers and requesting payouts), not generic tooling — therefore it grants direct financial execution capability.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: HIGH
  • Analyzed: Jun 18, 2026, 04:25 PM
  • Issues: 3
Security Audit — snyk — soul-markets