bifrost-slpx-stake

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries public RPC endpoints (e.g., https://ethereum.publicnode.com, https://base.publicnode.com, and fallback RPCs) and uses those eth_call results (previewDeposit/previewRedeem, canWithdrawalAmount, balanceOf, etc.) to determine amounts and whether to execute transactions, so untrusted third-party RPC responses can materially influence agent decisions and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations: it constructs and broadcasts transactions to stake ETH (mint vETH), redeem/burn vETH, and claim/withdraw ETH. It includes concrete write operations, ABI selectors, example transaction commands (cast send), and an agent-side signing mode via BIFROST_PRIVATE_KEY (allowing the agent to sign and broadcast transactions directly). These are specific payment/crypto transaction capabilities, not generic tooling.