opensea-api
Warn
Audited by Snyk on Mar 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public, user-generated content from OpenSea (e.g., the numerous https://api.opensea.io API endpoints shown in SKILL.md and in runtime scripts such as scripts/monitor_collection.sh and scripts/fetch_nft.sh). Those responses are parsed and used to drive monitoring, listings/offers, and follow-up actions, so untrusted third-party content can materially influence agent behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes Seaport/SDK examples that perform on-chain transactions using a private key and wallet provider (e.g., ethers.Wallet with process.env.PRIVATE_KEY) and shows calls that create listings, fulfill orders (buy), and create offers. These are direct crypto financial operations (wallet signing and execution of marketplace trades). While much of the documentation is read-only, the Seaport SDK snippets demonstrate explicit transaction-sending capabilities (creating/fulfilling orders and making offers), which qualifies as direct financial execution.
Audit Metadata