battlechain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to "Always fetch" the public URL https://docs.battlechain.com/llms-full.txt for technical details, meaning the agent will read and act on content from an open third-party site that can materially influence deployment decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to "Always fetch" the external docs at https://docs.battlechain.com/llms-full.txt as the single source of truth for BattleChain technical details, meaning runtime-fetched content would be injected into and directly control the agent's instructions/context.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about a blockchain L2 (BattleChain) and is designed to deploy and interact with smart contracts that handle "real funds." It references a deployment library/repo with contract addresses and "deployment shortcuts" and gives concrete commands (forge script ...) used to run on-chain deployment scripts. Deploying contracts and interacting with those addresses inherently sends on-chain transactions (crypto operations/signing) and thus is a specific crypto/blockchain execution capability, not a generic tool. Therefore it meets the "Direct Financial Execution" criteria.