ethers-js

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs connecting to third‑party Ethereum providers (e.g., Infura via provider URLs / process.env.RPC_URL) and calling smart contracts with ethers.Contract (reading balances, events, and contract returns), which means the agent will ingest public, user-generated blockchain data from untrusted third‑party sources that can influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly an Ethereum blockchain library with wallet management, private-key/mnemonic handling, transaction signing, and functions to sign and send transactions (examples include signer.sendTransaction and ERC-20 transfer). Those features are direct crypto financial execution capabilities (creating/importing wallets, signing and broadcasting value transfers), so it specifically enables moving money on-chain.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 10:47 PM