binance-agentic-wallet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required swap pre-check (references/security.md §1) explicitly instructs the agent to call the external query-token-audit (and optionally query-token-info) skill, parse and present those audit/token metadata results (untrusted on-chain/token-audit data) and use them to decide whether to proceed with market/limit orders, so it ingests public third‑party/user-generated content that can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to control a Binance Web3 wallet and execute on-chain and exchange actions. Its command set includes wallet sign-in/sign-out, "wallet send" (token transfers), "market-order swap" (DEX trades / market orders), "limit-order buy/sell" (placing limit orders), order cancellation, and other on-chain operations. These are specific crypto financial execution capabilities (sending funds, swapping, placing/canceling orders), not generic tooling. Therefore it grants direct financial execution authority.