qrcoin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill issues JSON-RPC calls to the public Base RPC (e.g., https://mainnet.base.org) and references public sites (qrcoin.fun, BaseScan) to read on-chain auction data—specifically user-submitted URLs and names stored in bids—which the agent is expected to read/interpret as part of its auction workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform crypto financial operations on the Base blockchain. It includes contract addresses, USDC token details, function signatures for approve/createBid/contributeToBid, and concrete transaction examples. It instructs using "Bankr" to perform transaction signing, gas estimation, submission and confirmation monitoring and gives example prompts like "Send transaction ... calling createBid(...)" — i.e., explicit instructions to send/value-bearing blockchain transactions. This is a specific tool to move funds (USDC) rather than a generic interface, so it grants direct financial execution capability.