evm-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's ERC-8004 / agentic docs explicitly describe reading agent registration files (agentURI as IPFS/HTTPS), agent service endpoints, and reputation metadata (references/agentic/erc-8004.md and references/agentic/x402.md), which are arbitrary public/user-provided resources the agent would discover and parse—exposing it to untrusted third-party content that could carry indirect prompt-injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly focused on EVM/blockchain development and includes concrete, money-moving capabilities. It references deploying to mainnet/L2s, multi-sig deployment, account-abstraction/contract wallets (ERC-4337), pay-per-request payment patterns (x402), and shows CLI wallet usage that signs and sends transactions (example: cast send $ADDR "transfer(address,uint256)" $TO $AMT --private-key $PK). Those are specific crypto/blockchain signing and transaction-sending tools — i.e., direct financial execution capability.