managing-agent-identity

Warn

Audited by Snyk on Mar 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly reads agent metadata URIs (e.g., the tokenURI flow in SKILL.md "Read agent metadata" and the Agent URI Format in references/identity-registry.md) which resolve to arbitrary https://, ipfs://, or data: registration JSON files provided by third parties, so the agent is expected to fetch and interpret untrusted external content (agentURI/feedbackURI) that can influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly describes on-chain contract interactions and provides concrete "agw contract write" examples (ABI, functionName, args) for executing transactions on Ethereum (mainnet/testnet). It covers operations like register() (minting an ERC-721 identity), updating agentWallet metadata (requires EIP-712/ERC-1271 signatures), and giveFeedback() — all of which are blockchain transactions that require signing/sending. Because the skill is directly designed to perform crypto/blockchain actions (wallet metadata changes and contract writes), it meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 12:11 PM
Issues: 2