smart-contracts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill's SKILL.md instructs the agent to connect to external Web3 providers (e.g., Infura/Alchemy via provider URLs) and to read/interpret on-chain state and contract data from arbitrary deployed contracts (RPC calls), which are public, user-generated sources that could supply untrusted content influencing actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly describes building and interacting with blockchain contracts and includes concrete, actionable APIs for sending transactions and transferring tokens. It references Web3.js transaction calls (e.g., contract.methods.transfer(...).send(...)), handling provider URLs and a private key environment variable (ETHEREUM_PRIVATE_KEY/PRIVATE_KEY), deploying to mainnet, and gas estimation — all of which enable signing and moving crypto assets. These are specific crypto/transaction execution capabilities, so it meets the "Direct Financial Execution" criteria.