arkiv-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries and ingests data from the public Arkiv Kaolin testnet (e.g., publicClient.buildQuery().fetch() in SKILL.md and the JSON-RPC endpoint https://kaolin.hoodi.arkiv.network/rpc in references/api-reference.md), reading arbitrary public/user-generated entities that the agent is expected to parse and act on (filtering, display, and decision logic), which could enable indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill is an explicit blockchain SDK that exposes a WalletClient requiring a private key and provides write methods that produce tx hashes (createEntity, updateEntity, deleteEntity, extendEntity, mutateEntities). Those methods perform signed Ethereum transactions (require gas, return txHash) and the docs show how to construct a wallet client from a private key. This is not a generic API — it explicitly enables wallet-based signing and submitting on-chain transactions, which falls under "Crypto/Blockchain (Wallets, Swaps, Signing)" and thus counts as Direct Financial Execution authority.