akash
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill includes calls and examples that make the agent fetch and parse data from public third-party sources: Console API endpoints such as https://console-api.akash.network/v1/providers, /bids, /lease logs; public RPC endpoints such as https://rpc.akash.network; and external GitHub repos such as https://github.com/akash-network/awesome-akash. This is untrusted or user-provided content that the agent is expected to read and interpret as part of its workflow, which could enable indirect prompt injection.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill documents programmatic blockchain integrations and payment functionality specific to the Akash network rather than being a generic tool. It references the chain-sdk (TypeScript SDK), public RPC endpoints, the Console API (REST API), explicit payment denominations (uakt, IBC/USDC), and an AuthZ/fee-grants section. Those elements are concrete blockchain/crypto interfaces that enable signing/broadcasting transactions, delegating payment authority, and paying for leases—i.e., moving tokens. Because the skill includes these specific crypto/blockchain APIs and fee-grant mechanisms, it grants direct financial execution capability.