send-usdc

Warn

Audited by Snyk on Feb 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly performs ENS resolution via the Ethereum mainnet (see the "ENS Resolution" section in SKILL.md), which fetches user-controlled, public blockchain name-to-address data that the agent must read and that directly determines where funds are sent, so untrusted third-party content could redirect or alter agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill repeatedly instructs running npx to fetch and execute the "awal" package from the npm registry (e.g. https://www.npmjs.com/package/awal or https://registry.npmjs.org/awal), which pulls and runs remote code at runtime and is a required dependency for performing the send operation.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to transfer funds: it provides a dedicated "send" command to transfer USDC to Ethereum addresses or ENS names, includes authentication and balance prerequisites, ENS resolution, and example invocations (e.g., npx awal@latest send 1 0x..., send '$5.00' vitalik.eth). This is a specific crypto-wallet/payment operation (sending USDC on a blockchain), not a generic capability, so it grants Direct Financial Execution authority.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 10:34 AM