molt-registry

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). This skill reads and returns on-chain, user-controlled metadata and URIs (e.g., contract.agents(id) and contract.tokenURI(id) in index.js, plus ReputationLogged event logs via queryFilter), which are public, third-party, and can contain arbitrary/user-generated content that the agent exposes and may act on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill exposes explicit on-chain transaction operations: registry_register (which "burns $MREG" and requires a funded Base wallet, with an optional agentWallet param/defaulting to msg.sender) and registry_rate (also requires a funded Base wallet). These functions are specifically designed to submit blockchain transactions that spend or burn tokens and use an agent's wallet for signing, i.e., direct crypto/blockchain financial operations. This meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 03:43 AM