crypto-skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md's required "Step 1: Research the Protocol" explicitly directs authors/agents to fetch and ingest open/public third‑party sources (e.g., "Official docs — fetch the protocol's documentation site", "GitHub repos — find SDKs", block explorer checks like cast code), and the YAML even lists "WebFetch" as an allowed tool, so untrusted web content will be read and used to shape the skill's code and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about building crypto protocol (DeFi) skills and includes concrete, copy-paste templates and code for on-chain financial operations: creating wallet clients from PRIVATE_KEY (privateKeyToAccount), writeContract/simulateContract patterns, ERC-20 approve/balance/allowance, a router swap ABI, contract addresses, and runnable template functions for swaps/operations. These are specific crypto/blockchain capabilities (wallets, signing, swaps, transaction writes) that can move funds. Therefore it grants Direct Financial Execution Authority.