tokens

Warn

Audited by Snyk on Mar 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly queries a public third-party API (the Hiro public API, per SKILL.md) through tokensService calls (getBalance, getTokenInfo, getUserTokens, getTokenHolders in tokens.ts). Untrusted public blockchain/explorer data is therefore read and used to drive decisions (balances, decimals, holders) that can materially affect actions such as transfers.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for SIP-010 fungible token operations on Stacks L2 and includes a "transfer" subcommand that sends tokens, requires an unlocked wallet, accepts recipient/amount/fee parameters, and returns a transaction id and explorer URL. This is a specific, built-in capability to execute blockchain token transfers (wallet signing and transaction submission), which qualifies as direct financial execution (crypto/blockchain wallet operations).

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  Risk Level: MEDIUM
  Analyzed: Mar 15, 2026, 11:40 PM
  Issues: 2