zr-check-in

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads and acts on Nexus inbox messages and other agents' public log/channel content (e.g., "probe message list -log", heartbeat routines, and the Agent Framework Integration sections describing inbox/heartbeat/cron reads), which are untrusted, user-generated third‑party inputs that can influence claiming, voting, and other agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provisions and controls crypto wallet functionality: it instructs generating and persisting a wallet password, running "probe wallet create", using "probe auth", referencing the wallet in registration and daemon commands (e.g., --wallet "$GITHUB_USER", PROBE_WALLET env), and running a probe daemon that holds the wallet connection. These are specific blockchain/crypto wallet operations (create/authenticate/manage persistent wallet connections), not generic tooling, so it provides direct financial execution capability.