blockrun

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using xAI Live Search / Grok with search=True and web/news/x sources (see "Real-time X/Twitter Search" and "Search Parameters"), which fetches untrusted user-generated content from X/Twitter and public web/news sites that the agent ingests and uses to shape its responses.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly manages and uses a crypto wallet and on-chain USDC funds to autonomously pay for external services. It exposes functions like setup_agent_wallet() (auto-creates wallet), client.get_balance() (on-chain USDC balance), client.get_wallet_address(), generate_wallet_qr_ascii() for funding, client.get_spending(), and logic to charge the wallet per-call (micropayments to providers). This is a specific crypto/financial execution capability (wallet creation, balance checks, funding, and automated payments), not a generic API caller or browser automation. Therefore it grants direct financial execution authority.