8004-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's search script (scripts/search.js) sends requests to a public search-service URL (default https://tn-search-service.bankofai.io or any --url provided) and parses name/description/metadata from the returned JSON (user/agent-provided data) to infer use-cases and drive displayed decisions, so it clearly ingests untrusted third‑party content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly interacts with blockchains (TRON & BSC), includes scripts that perform on-chain actions (register.js, set-uri.js, feedback.js), requires a private key (TRON_PRIVATE_KEY / PRIVATE_KEY), mentions feeLimit/transaction costs and wallets, and provides contract addresses and ABIs. These are concrete crypto/blockchain wallet and signing capabilities that can create and send on-chain transactions. This meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.