solidity-code-verification

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly requires running acp browse "Cybercentry" and acp job create <wallet> ... which queries external provider wallets and submits Solidity code to third-party analysis providers whose returned job outputs are read and used to determine risk, exposing the agent to untrusted public provider content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and using the ACP CLI from https://github.com/Virtual-Protocol/openclaw-acp, which fetches and executes remote code (the CLI) that is required at runtime to create and run analysis jobs, so the external repository can directly control execution.