ens-primary-name

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). Yes — the scripts query public third-party services (notably the ENS subgraph at https://api.thegraph.com/subgraphs/name/ensdomains/ens and public RPC endpoints) and parse/display ENS names, resolver addresses and text records (see set-avatar.sh, set-primary.sh, verify-primary.sh), which are user-controlled on-chain/public data and thus untrusted third-party content consumed as part of the workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain transaction signing and submission for ENS operations. It requires the Bankr CLI for transaction signing (examples show bankr prompt and a full transaction JSON: {"to":"0x...","data":"0x...","value":"0","chainId":8453}), encodes calldata (setName) and submits transactions to Reverse Registrar contracts on specific chains, and requires native tokens for gas. These are specific crypto/blockchain wallet & signing capabilities (not generic browser or HTTP tools), so it grants direct financial execution authority.