clanker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's airdrop workflow (references/airdrops.md and SKILL.md) explicitly calls registerAirdrop and fetchAirdropProofs against Clanker's public service and shows using returned Merkle proofs to build and execute claim transactions, meaning the agent ingests untrusted third-party (service-stored/user-provided) data that can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto token deployment and management SDK. It requires a private key, constructs a wallet client, and exposes transaction-producing functions: clanker.deploy (deploys ERC20 and liquidity pools), devBuy (performs an ETH purchase), claimVaultedTokens / claimRewards (claims tokens/fees), and updateMetadata/updateImage (tx-producing updates). These are specific blockchain/crypto operations that sign and send transactions (move funds/tokens), so it grants direct financial execution capability.