peaqos

Warn

Audited by Snyk on May 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The agent is required to fetch and act on open web content per AGENT-PROMPT.md and GUIDE.md: for example, it runs peaqos init, which fetches contract addresses from GitHub, and it queries public services such as the MCR API (https://mcr.peaq.xyz) and block explorer/faucet URLs as part of its workflow. These are untrusted public sources whose responses directly influence the agent's decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill can run install commands at runtime that clone and install code from https://github.com/peaqnetwork/peaq-os-cli-py (e.g., git clone … && pip install -e .). This fetches and executes remote code, and peaq-os-cli is a required dependency for the skill to operate.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for peaqOS, a "financial OS" that handles peaqID and Machine NFT creation, onboarding on testnet and mainnet, setting Machine Credit Ratings, submitting machine events and managing a DePIN fleet via the peaq-os-cli Python CLI. These actions are specific to blockchain/crypto operations (NFTs, on-chain onboarding across testnet/mainnet and a dedicated CLI likely used to sign/send transactions). That matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category of direct financial execution, so it is specifically designed to perform finance-related on-chain actions rather than being a generic tool.

Issues (3)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 22, 2026, 03:15 PM
  • Issues: 3