zeko

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs agents to fetch and use the fallback file https://docs.zeko.io/llms-full.txt at runtime as a discovery index, which would load external text into the agent's context and could directly control prompts/instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets blockchain financial actions: it mentions bridging assets, Bridge CLI and Bridge SDK, getting faucet funds, using Mina/Zeko endpoints, and preferring explicit key-based CLI/HTTP flows (and references wallet usage in specific browser-extension cases). These are specific crypto/blockchain capabilities (wallets, signing/CLI SDKs, and asset-bridging) that enable moving or managing funds, so it meets the "Direct Financial Execution" criteria.