evm-foundry
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's required workflows explicitly instruct using public third-party endpoints (e.g., --fork-url https://forno.celo.org in "forge test", many cast commands with --rpc-url https://forno.celo.org, and verification via https://api.celoscan.io/api), so the agent will fetch and act on untrusted public data (RPC and block explorer responses) as part of its runtime behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs running "curl -L https://foundry.paradigm.xyz | bash", which fetches and immediately executes remote installer code from https://foundry.paradigm.xyz as a required setup step for Foundry, so it directly executes remote code at runtime.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for EVM blockchain development and includes direct transaction- and signing-capable tools and examples. It instructs use of PRIVATE_KEY environment variables, deployment scripts that call vm.startBroadcast with a private key, and CLI commands that send value or call write functions (e.g., "cast send <TO_ADDRESS> --value 1ether --rpc-url ... --private-key $PRIVATE_KEY", "forge script ... --broadcast --private-key $PRIVATE_KEY"). These are concrete crypto/blockchain signing and transfer operations that can move funds and therefore constitute direct financial execution authority.
Audit Metadata