bridging-to-abstract

Warn

Audited by Snyk on Mar 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to call and act on public third-party bridge APIs and web UIs (e.g., SKILL.md and references/third-party-bridges.md show calls to https://api.relay.link/quote/v2, LI.FI (https://li.quest), https://api.dln.trade/... and other public bridge endpoints), meaning untrusted external responses (quotes/transaction steps) are ingested and can directly influence signing/submission decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for moving crypto assets (bridging) and includes programmatic, actionable APIs and on-chain operations. It documents native bridge contracts, shows a curl RPC to discover bridge contracts, describes withdrawal finalization (e.g., call finalizeWithdrawal after checking isWithdrawalFinalized), and gives a Relay REST API "Get a quote" example whose response "includes transaction steps to sign and submit." The skill's primary purpose is to initiate and guide cross-chain asset transfers and programmatic bridging — i.e., sending signed transactions and moving funds. These are direct crypto/financial execution capabilities.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 12:11 PM
Issues: 2