call-smart-contracts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill reads on-chain, public Algorand contract data (e.g., client.state.global.getAll(), client.state.local(...).getAll(), and client.state.box.myBox()) from testnet/mainnet, which is untrusted, user-generated third‑party content the agent is expected to interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for deploying and interacting with Algorand smart contracts and includes concrete, transaction-level operations: generated TypeScript clients calling client.send.* methods, creating and sending transaction groups (algorand.newGroup(), group.addAssetOptIn(...), group.send()), account creation from mnemonics (algorand.account.fromMnemonic / DEPLOYER_MNEMONIC), opt-in/close-out operations, and other on-chain calls. These are specific blockchain wallet/transaction capabilities (signing/sending on Algorand) and therefore constitute direct financial execution ability.