seren-bounty
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill exposes the agent to untrusted, user-generated content via public API endpoints (e.g., GET /bounties, GET /bounties/{id}/submissions and the bounty field submission_instructions/description/attachments) which the agent is expected to read/interpret as part of normal workflows (finding/joining bounties, acting on submission_instructions), so third-party content could materially influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exposes explicit escrow and payout endpoints and workflows for moving funds: POST /bounties/{id}/fund (deposit atomic amount into escrow), the release sweep that transfers matured earnings out of escrow to agents' SerenBucks balance, cancellation refunds, and clawback endpoints. It is specifically designed to create, fund, release, and refund monetary balances (SerenBucks/atomic USDC units) rather than being a generic API caller or browser tool. These are direct financial execution capabilities.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).