open-sea-automation

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill connects to the public OpenSea marketplace via the "open_sea" toolkit (used through RUBE_MANAGE_CONNECTIONS, RUBE_SEARCH_TOOLS, and RUBE_MULTI_EXECUTE_TOOL), so the agent will fetch and read user-generated marketplace content (listings, metadata, descriptions) from an untrusted third-party source as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for automating OpenSea (an NFT/crypto marketplace) via a dedicated "open_sea" toolkit and requires establishing an active OpenSea connection and executing discovered tool slugs (RUBE_MULTI_EXECUTE_TOOL / run_composio_tool). Although individual tool actions aren't enumerated in the prompt, the toolkit's primary purpose is marketplace/crypto operations (listing, buying, transferring, signing transactions via wallet connections), which falls squarely under Crypto/Blockchain financial execution (wallets/transactions/signing). This is not a generic HTTP or browser tool — it's a specialized toolkit for a crypto marketplace and therefore grants the capability to perform direct financial/asset operations.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:35 PM