verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches agent data via client.getAgent / client.verify and displays/uses agent.card fields (name, description, endpoints) from the ERC-8004 on-chain registry and linked IPFS/tokenURIs (user-provided/public), and SKILL.md and index.ts show that this untrusted, user-generated content is read and used to decide reputation, copy-trading trust, and whether to communicate with an agent (e.g., checking A2A endpoints), which could allow indirect prompt-injection via crafted agent cards/endpoints.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes on-chain transaction capabilities: it shows using createERC8004Client with a PRIVATE_KEY, uploading to IPFS and calling client.register(...) which returns a txHash, and client.giveFeedback(...) returning a txHash. Those calls imply signing and sending blockchain transactions (wallet/private-key usage). This is a specific crypto/blockchain execution capability (signing/sending on-chain transactions), so it meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.