frontend-ux

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs runtime ingestion of public third-party data (see Rule 4 "Where to get prices", which recommends using the DexScreener API https://api.dexscreener.com/latest/dex/tokens/TOKEN_ADDRESS and similar public sources). The agent would therefore read and interpret untrusted external content that can influence UI decisions such as displayed USD values and transaction confirmations.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about building Ethereum dApp frontends and includes concrete, transaction-level guidance and APIs for performing on-chain financial actions. It references functions and flows that send transactions (e.g., writeContractAsync, useScaffoldWriteContract, approve, stake/deposit flows), manages token approvals and allowances, requires registering contract addresses and ABIs (externalContracts.ts), and references price sources for USD valuation (DexScreener, Uniswap quoter, Chainlink). These are specific crypto/blockchain execution capabilities (signing and sending on-chain transactions, approving tokens), not generic tooling, so the skill grants direct financial execution authority.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 05:39 PM