use-arc
Warn
Audited by Snyk on Mar 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill includes a runtime installation command that fetches and executes remote code—"curl -L https://foundry.paradigm.xyz | bash"—which would run external code during use and is a required dependency for the Foundry deployment steps.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about interacting with a blockchain (Circle's Arc) and includes concrete, actionable crypto transaction tooling and configuration: RPC endpoints, testnet USDC faucet, token addresses, an environment PRIVATE_KEY, and example commands that broadcast signed transactions (e.g., forge create --rpc-url $ARC_TESTNET_RPC_URL --private-key $PRIVATE_KEY --broadcast). It also references bridging USDC via CCTP and developer-controlled (custodial) wallets. These are specific crypto/financial execution capabilities (signing/sending transactions, bridging funds, managing wallets), not generic tooling—so it grants Direct Financial Execution authority.
Issues (2)
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).