thespawn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and interprets user-provided agent metadata and service endpoints from public sources (e.g., agent cards and MCP/A2A/Web endpoints surfaced via thespawn.io and the agent's own URLs) — see spawnr.md, metadata.md, search.md and quality.md — and the spawnr workflow probes those third‑party endpoints (POST tools/list, GET agent-card.json), displays their returned tools/descriptions, and can write the selected MCP endpoint into tooling configs, so untrusted third‑party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly supports on-chain blockchain operations: it documents "on-chain minting", references a viem script (a web3 signing/tx library), lists a registry contract address, shows typical gas costs, and exposes CLI/API actions for registering/hiring agents (e.g., POST /api/v1/agents, spawnr hire). Those are specific crypto/blockchain transaction capabilities (signing/sending transactions / minting) rather than generic tooling, so it provides direct financial execution authority.