meganames

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md requires the agent to call publicClient.readContract against public RPC endpoints (e.g., https://mainnet.megaeth.com/rpc) and read on-chain/user-controlled data via functions like addr, getName, quote, text records and contenthash (and references dotmega.domains), so the agent ingests untrusted, user-generated third-party content that can materially influence approvals, pricing, and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built for on-chain name registration and marketplace operations that move funds. It contains concrete, finance-related contract calls and patterns: approving USDM, calling walletClient.writeContract to run register/registerWithPermit, router.register to buy subdomains, setPrice on marketplace logic, configure payouts, and use of eth_sendRawTransactionSync and ERC-2612 permits. These are specific crypto/blockchain payment and wallet operations (token approvals, transfers, signed transactions), not generic tooling. Therefore it grants direct financial execution capability.