cavos-react-sdk

Warn

Audited by Snyk on Mar 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's required workflow (SKILL.md: "login() → handleCallback() → deployAccountInBackground()") explicitly ingests OAuth JWTs from third-party providers (Google/Apple/Firebase) and fetches JWKS/app_salt from external backends/registries, and those parsed JWT claims and registry data are used to derive addresses and drive session registration/execution; that is, untrusted external content is read and can materially change subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a purpose-built blockchain wallet/transaction SDK for Starknet. It exposes explicit methods to execute transactions (execute), deploy accounts, sign messages, transfer tokens, perform multi-call swaps, and manage session spending limits (SessionKeyPolicy). It includes token contract addresses, paymaster integrations, and raw RPC invocation for submitting transactions. These are specific crypto/blockchain wallet and transaction capabilities — i.e., direct financial execution.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 06:15 AM
Issues: 2