slot-paymaster

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's "policy add-from-preset" flow references and pulls presets from a public GitHub repo (https://github.com/cartridge-gg/presets/tree/main/configs), meaning the agent would fetch and interpret third-party user-editable content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for creating and managing "paymasters" that sponsor transaction fees and manage budgets/credits. It includes concrete financial actions: creating a paymaster with a budget (deducts from a team's credit balance), increasing/decreasing budget, transferring paymaster to another team, and enabling/disabling sponsorship. It even defines a currency (1 CREDIT = $0.01 USD). These are specific crypto/blockchain financial operations (sponsoring gas, managing credits/budgets), not generic tooling, so it grants direct financial execution capability.