blockrun

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). BlockRun's SDK explicitly enables real-time X/Twitter Live Search and web/news sources via client.chat(search=True) and search_parameters (e.g., "type": "x", "type": "web", "news"), causing the agent to fetch and analyze untrusted public social-media and web content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly manages and uses a crypto wallet and on-chain USDC funds to autonomously pay for external services. It exposes functions like setup_agent_wallet() (auto-creates wallet), client.get_balance() (on-chain USDC balance), client.get_wallet_address(), generate_wallet_qr_ascii() for funding, client.get_spending(), and logic to charge the wallet per-call (micropayments to providers). This is a specific crypto/financial execution capability (wallet creation, balance checks, funding, and automated payments), not a generic API caller or browser automation. Therefore it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:25 PM