qa
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the reviewer to open each deployed contract on public block explorers (Etherscan/Basescan/Arbiscan) and inspect the "Contract" tab to decide PASS/FAIL, which requires the agent to fetch and interpret untrusted third-party web content that can change its decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a specialized QA checklist for Ethereum dApps and contains explicit, specific crypto/blockchain transaction functionality: checks and code patterns for approve flows, token allowances, useScaffoldWriteContract vs. wagmi useWriteContract, writeContractAsync, approveWrite, a writeAndOpen helper that fires transactions and then deep-links to wallets, WalletConnect session handling, and contract verification on block explorers. These are concrete blockchain transaction and wallet operations (sending on-chain transactions, approvals, signing), not generic tooling; the skill therefore grants direct crypto/financial execution capability.
Audit Metadata