web3-py

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's Common Commands/API and Integration Notes show it connects to public Web3 providers (e.g., "https://mainnet.infura.io/v3/..." in Integration Notes and examples) and calls contract functions/events and reads balances/blocks, so it ingests public, user-generated blockchain data that could materially influence transactions or other agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for blockchain financial operations: it includes account management, signing transactions with private keys, sending transactions (w3.eth.send_transaction and send_raw_transaction), deploying/interacting with smart contracts, and gas estimation. These are direct crypto/blockchain transaction capabilities (wallet signing and sending), which constitute Direct Financial Execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 05:44 PM