pillar

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill makes live calls to external services (the Pillar backend /api endpoints, the Hiro API, and CoinGecko) and performs BNS/wallet-name resolution in resolveRecipientAddress. It uses those responses directly (quotes, resolved recipient addresses, unwind/boost parameters, op-status results) to construct and sign transactions or choose next actions, so untrusted third-party content can materially influence tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to manage and move cryptocurrency funds. It provides Pillar smart wallet operations, including an agent-signed direct mode that generates/manages secp256k1 keys, signs SIP-018 structured data locally, and submits transactions to the Pillar backend API. Concrete direct operation commands include sending sBTC (direct-send), creating market-like operations (direct-boost, direct-unwind), supplying/withdrawing collateral (direct-supply, direct-withdraw-collateral), stacking STX (direct-stack-stx), and wallet creation and key management. These are specific crypto/blockchain wallet and transaction capabilities intended to execute financial transfers and positions, so they meet the "Direct Financial Execution" criteria.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 07:29 PM
Issues: 2