mcp-wallet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly tells the agent to query public Nano RPC endpoints (e.g., https://rpc.nano.org, https://app.natrium.io/api/rpc) and to read MCP/ RPC resources (wallet://{name}, wallet_balance, wallet_receive) which ingest public, user-submitted blockchain transactions and pending blocks that the agent must interpret to decide actions, so it clearly consumes untrusted third-party content that can influence tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a custodial wallet for the Nano cryptocurrency. It defines wallet-specific RPC/config parameters and provides concrete operations for creating/importing named wallets, receiving funds (wallet_receive), and sending funds (wallet_send). It also handles key custody (mnemonics import) and signing/PoW flow via RPC/work servers. These are specific crypto wallet APIs designed to move and manage funds, so this is direct financial execution capability.