writing-bots

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires using web_fetch to retrieve live documentation from the public site https://docs.apeworx.io/silverback/stable (including the development and API reference pages), which are open third-party web content the agent will read and could contain adversarial or untrusted instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires using web_fetch at runtime to retrieve and follow the live documentation pages (https://docs.apeworx.io/silverback/stable, https://docs.apeworx.io/silverback/stable/userguides/development, https://docs.apeworx.io/silverback/stable/methoddocs), meaning external content fetched at runtime directly controls the agent's instructions for writing the bot.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to build bots that interact with public blockchains and smart contracts, including the ability to "sign and broadcast a transaction on the listening chain and/or other blockchain(s)" and guidance about adding a signer to submit transactions. Those capabilities are specific crypto/blockchain transaction execution (wallet signing and broadcasting), which constitute direct financial execution authority rather than a generic tool.