payram-agent-onboarding

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt contains explicit examples and workflows that place secrets directly into commands/config (e.g., export PAYRAM_PASSWORD="...", PAYRAM_MNEMONIC saved to files, and an "apiKey" field in JSON or RPC URLs with YOUR_KEY), which encourages asking for and embedding secret values verbatim into generated commands/configs, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required setup explicitly downloads and executes an installer from a public GitHub raw URL (https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh) and also relies on public RPC/faucet endpoints (e.g., eth-sepolia.g.alchemy.com, sepoliafaucet.com) to poll balances and trigger deployments, which are untrusted third‑party sources whose content can directly change what the agent executes.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Flagging https://raw.githubusercontent.com/PayRam/payram-scripts/main/setup_payram_agents.sh because the skill explicitly instructs fetching that raw shell script at runtime via curl and then running ./setup_payram_agents.sh, so remote code is fetched and executed as a required installation step.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly and primarily a payment infrastructure tool. It provisions and automates crypto payment functionality (smart contract wallet deployment, BTC/ETH/Base payment setup, mnemonic generation, deployer addresses, balance polling, fund sweeps), creates payment links, and integrates agents via API keys/webhooks for autonomous payment processing and treasury management. Those are concrete, specific capabilities to manage wallets, deploy contracts, accept/fund transfers and generate payment transactions — not generic automation. Therefore it provides direct financial execution authority (crypto/payments).