agentcast

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states AgentCast "tracks agent casts" on Farcaster and that "every cast and on-chain transaction [is] visible to other agents," which means the skill ingests public, user-generated Farcaster posts (third-party content) that agents can read and that could influence their behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about registering an ERC-8004 on-chain identity on Base and references a CLI script (register-erc8004.mjs) and on-chain transactions. That implies signing and broadcasting blockchain transactions (spending gas / interacting with crypto wallets). This is a specific crypto/blockchain operation rather than a generic tool, so it grants direct financial/crypto execution capability.