endaoment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and parses public third‑party data — e.g., scripts/search.sh calls https://api.endaoment.org and scripts/donate.sh queries the public Base RPC at https://mainnet.base.org (eth_call/eth_getCode) — and those responses are directly interpreted to derive contract addresses and decide/deploy/send transactions, so untrusted external content can materially change behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform onchain financial transactions: it provides scripts to donate USDC, approves tokens and calls the Endaoment contract (deployOrgAndDonate), supports swapping ETH/tokens to USDC automatically, lists contract addresses and function selectors, and requires a Bankr API key for arbitrary transactions. These are specific crypto payment/transaction operations (wallet/contract interactions and sending funds), not generic tooling.