NadName Agent

Warn

Audited by Snyk on Apr 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., scripts/check-name.js and scripts/register-name.js) call the public NAD API at https://api.nad.domains (see SKILL.md and getRegistrationData in register-name.js), parse its responses for name availability and pricing, and pass the registerData and signature values the API returns straight into the construction and sending of on-chain transactions. Content controlled by a third party therefore shapes what the agent signs and sends: a tampered or malicious response can alter what the transaction does and how much value it carries, which is the indirect prompt injection path this warning refers to.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill ships scripts and API/contract integrations that execute blockchain transactions which transfer value. It documents signing with a PRIVATE_KEY or a managed keystore, shows the POST /api/register-request → contract.registerWithSignature(registerData, signature, { value: ethers.parseEther(price), gasLimit: ... }) flow, and instructs the agent to run register-name.js, which attaches MON tokens as the transaction value. This is direct wallet signing and sending of funds (on-chain payments) rather than a generic tool call, so the skill holds direct financial execution authority.
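Both findings describe one trust boundary: the price, registerData and signature that register-name.js forwards into registerWithSignature arrive in an HTTP response the agent does not control, and the agent attaches real value to the result. The gate below is an added example, not code from the NadName Agent skill or the NAD API, showing the checks a practitioner would put between the API call and the transaction: pin the name, owner and chain to what the agent decided before calling the API, enforce a spending cap on the value attached, reject malformed signatures before gas is spent, and forward only allow-listed fields. The response field names (registerData.name, owner, duration, chainId, price, signature), the chainId value and the 5 MON cap are assumptions made for illustration.

```javascript
// Added example: a policy gate between the NAD API response and the on-chain call.
// This is not code from the NadName Agent skill or the NAD API; the response field
// names below (registerData.name/owner/duration/chainId, price, signature) are
// assumptions about the API's shape used only for illustration.

const WEI_PER_ETHER = 10n ** 18n;

// Parse a decimal MON amount ("0.5", "2") into wei as a BigInt. Returns null for
// anything that is not a plain non-negative decimal string, so exponents, signs,
// hex and numbers-as-numbers cannot slip into the transaction value.
function parseEtherToWei(price) {
  if (typeof price !== 'string' || !/^\d+(\.\d{1,18})?$/.test(price)) return null;
  const [whole, frac = ''] = price.split('.');
  return BigInt(whole) * WEI_PER_ETHER + BigInt(frac.padEnd(18, '0'));
}

// True when value is exactly n bytes of 0x-prefixed hex.
function isHexBytes(value, n) {
  return typeof value === 'string' && new RegExp(`^0x[0-9a-fA-F]{${n * 2}}$`).test(value);
}

function sameAddress(a, b) {
  return isHexBytes(a, 20) && isHexBytes(b, 20) && a.toLowerCase() === b.toLowerCase();
}

// policy: what the agent itself decided before calling the API
//   { name, owner, chainId, maxPriceWei }
// response: the parsed JSON body of POST /api/register-request (untrusted input)
// Returns { ok: true, tx } with an allow-listed payload, or { ok: false, errors }.
function gateRegisterResponse(response, policy) {
  const errors = [];
  const data = response && typeof response.registerData === 'object' ? response.registerData : null;
  if (!data) errors.push('registerData missing or not an object');

  if (data) {
    // 1. Name, owner and chain must be the ones the agent asked for. A tampered
    //    response must not be able to register a different name or hand it to a
    //    different wallet. (Case-insensitive name comparison is an assumption.)
    if (typeof data.name !== 'string' || data.name.toLowerCase() !== policy.name.toLowerCase())
      errors.push(`name mismatch: requested "${policy.name}", got "${data.name}"`);
    if (!sameAddress(data.owner, policy.owner))
      errors.push(`owner mismatch: expected ${policy.owner}, got ${data.owner}`);
    if (data.chainId !== policy.chainId)
      errors.push(`chainId mismatch: expected ${policy.chainId}, got ${data.chainId}`);
    if (!Number.isInteger(data.duration) || data.duration <= 0)
      errors.push('duration must be a positive integer');
  }

  // 2. The MON attached as the transaction value comes from the API, so it is
  //    untrusted: parse it strictly and enforce the agent's own spending cap.
  const valueWei = parseEtherToWei(response ? response.price : undefined);
  if (valueWei === null) errors.push('price is not a plain decimal string');
  else if (valueWei === 0n) errors.push('price is zero');
  else if (valueWei > policy.maxPriceWei)
    errors.push(`price ${valueWei} wei exceeds cap ${policy.maxPriceWei} wei`);

  // 3. The signature is opaque here (the contract verifies it), but a malformed
  //    value should fail before gas is spent, not in a revert.
  if (!isHexBytes(response ? response.signature : undefined, 65))
    errors.push('signature is not 65 bytes of hex');

  if (errors.length) return { ok: false, errors };

  // Forward only validated fields. Anything else in the response, such as a
  // "message" or "instructions" string, is data, never an instruction to the
  // agent, and never reaches the transaction or the model.
  return {
    ok: true,
    tx: {
      registerData: { name: data.name, owner: data.owner, duration: data.duration, chainId: data.chainId },
      signature: response.signature,
      valueWei,
    },
  };
}

// Constructed samples (not real API responses).
const POLICY = {
  name: 'alice',
  owner: '0x1111111111111111111111111111111111111111',
  chainId: 10143,                   // placeholder chain id for the example
  maxPriceWei: 5n * WEI_PER_ETHER,  // hypothetical cap: never attach more than 5 MON
};
const SAMPLE_OK = {
  registerData: { name: 'alice', owner: POLICY.owner, duration: 365, chainId: POLICY.chainId },
  price: '0.5',
  signature: '0x' + 'ab'.repeat(65),
};
// The same response with the owner swapped and the price inflated.
const SAMPLE_TAMPERED = {
  ...SAMPLE_OK,
  registerData: { ...SAMPLE_OK.registerData, owner: '0x2222222222222222222222222222222222222222' },
  price: '50',
};

const show = (v) => JSON.stringify(v, (k, x) => (typeof x === 'bigint' ? x.toString() : x), 2);
if (typeof require !== 'undefined' && require.main === module) {
  console.log(show(gateRegisterResponse(SAMPLE_OK, POLICY)));
  console.log(show(gateRegisterResponse(SAMPLE_TAMPERED, POLICY)));
}
```

Nothing here replaces the contract's own signature verification; the point is that the agent refuses to sign when the response disagrees with its own intent, that the value it attaches is bounded by its own policy rather than by the API, and that free-text fields in the response never reach the model as instructions. Running the script with node prints the accepted sample and the rejected one with its two errors.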

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 27, 2026, 11:03 PM
Issues: 2