megaeth-developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime guidance (frontend-patterns.md and rpc-methods.md) explicitly tells the agent to connect to public RPC/WebSocket endpoints (e.g., wss://mainnet.megaeth.com/ws) and subscribe to miniBlocks and other on-chain data, and other docs (meganames.md, resources.md, privy-integration.md) show reading transaction payloads, text records, and external on-chain/HTTP content that are user-generated and are parsed/used by the agent as part of normal workflows (e.g., broadcasting miniBlock payloads, interpreting text records, or constructing/sending transactions), which clearly exposes it to untrusted third-party content that can influence decisions or actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built for blockchain financial operations. It includes direct transaction submission and signing (eth_sendRawTransactionSync / EIP-7966), wallet setup & management, token swaps via the Kyber Network aggregator, bridging ETH, Privy headless signing for automated signing, ERC-7710 delegations (scoped on-chain permissions / spending limits), MetaMask Smart Accounts (ERC-4337 user ops), and a marketplace for buying/selling subdomains with token gating. These are specific, purpose-built capabilities to move value on-chain (send transactions, swap tokens, manage wallets/permissions), not generic tooling.