basename-register

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., scripts/register-basename.mjs and scripts/decode-tx.mjs) explicitly create a public client using http('https://mainnet.base.org') and call publicClient.readContract / publicClient.getTransaction to ingest public blockchain state and user-submitted transactions from the open Base mainnet, and those reads directly influence workflow decisions and subsequent contract writes (registration/setReverseRecord), so untrusted third-party content can materially affect behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly built to perform on-chain blockchain operations: it requires a private key, shows contract addresses and ABIs, instructs calling register() with payment (50% price buffer), and setting reverse records. Those actions involve signing transactions and spending ETH (gas and registration fees). This is a specific crypto/blockchain capability (wallet signing and sending transactions), not a generic tool, so it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 10:04 PM