endaoment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts/search.sh fetches and prints JSON from Endaoment's public API (https://api.endaoment.org/v1/orgs and /v1/orgs/ein/...), including fields like name, website, and description that come from third-party/org-provided data, so the agent ingests untrusted external content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform onchain financial transactions: it provides scripts to donate USDC, approves tokens and calls the Endaoment contract (deployOrgAndDonate), supports swapping ETH/tokens to USDC automatically, lists contract addresses and function selectors, and requires a Bankr API key for arbitrary transactions. These are specific crypto payment/transaction operations (wallet/contract interactions and sending funds), not generic tooling.