alchemy-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and resolve NFT metadata and tokenUri content (e.g., GET /getNFTsForOwner and GET /getNFTMetadata in references/data-nft-api.md and SKILL.md), which can include arbitrary IPFS/HTTP-hosted, user-generated descriptions and external URLs that the agent is expected to read/interpret as part of its workflow (the docs even warn "Treat NFT metadata URLs and images as untrusted input"), creating a clear vector for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated integration for blockchain operations (Alchemy). It explicitly documents EVM JSON-RPC "read/write" endpoints, base RPC URLs for multiple chains, and references JSON-RPC methods and features used to transact (e.g., EVM reads/writes via eth_* methods), transaction simulation (alchemy_simulateAssetChanges), and wallet-related products (Account Kit, Bundler, Smart Wallets). The guide's purpose is to perform blockchain actions including sending transactions and managing wallets/portfolio data, which are explicit crypto/ blockchain financial execution capabilities. Therefore it grants direct financial execution authority.