upvoting-on-abstract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads public, user-generated on-chain data (e.g., calling voteCost(), userVotesRemaining(), getUserVotes(), currentEpoch() on the AbstractVoting contract and using "agw portal apps list"/"agw app list") as required workflow steps in SKILL.md, so it ingests untrusted third-party content that can influence actions like sending a payable vote transaction.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly interacts with an on-chain smart contract and includes a payable function call (voteForApp) that requires sending ETH (value = voteCost). It provides the contract address (Mainnet), full ABI usage, and CLI commands showing how to execute the transaction (replace --dry-run with --execute). This is a specific crypto/blockchain financial operation (signing/sending value) rather than a generic tool, so it grants direct financial execution capability.