escrow-agent

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill ingests and displays user-provided escrow data (e.g., task.description, submitted proofs) via APIs/tools like createEscrow/list_escrows/get_escrow and the ESCROWAGENT_INDEXER_URL (https://escrowagent.onrender.com), so the agent will read arbitrary third-party/user-generated content that could contain injected instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly and primarily designed to move and manage money on-chain. It provides SDKs and agent tools for Solana (SPL) and Base (ERC‑20) that require private keys/RPC URLs and a contract address, and exposes direct financial operations such as create_escrow (lock/deposit funds), accept_escrow, confirm_completion (release funds), cancel_escrow, raise_dispute, and resolve_dispute. The documentation includes concrete API calls and code samples showing on‑chain transactions and keys, and the toolset is intended for agent-to-agent payments, trustless settlement, and dispute resolution. This is a specific financial execution capability (crypto/blockchain payments), not a generic tool.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 09:01 AM