mev
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md and index.ts explicitly include commands and API calls (e.g., /mev check, mev.analyzeTransaction, mev.simulateRisk) that read and interpret public blockchain transactions and interact with third-party providers like Flashbots/Jito. This is public, user-generated on-chain data that the agent uses to make protection/simulation decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides APIs to execute on-chain trades and submit transaction bundles to crypto relays. Examples: mev.executeProtected performs token swaps (tokenIn, tokenOut, amountIn) and returns txHash; mev.flashbots submits bundles to Flashbots and waits for inclusion; mev.mevBlocker and mev.jito submit protected transactions/bundles and report captured MEV or bundle IDs. These are direct crypto/blockchain transaction functions (swaps, bundle submissions, on-chain execution), so the skill has direct financial execution capability.