sns-launch
Warn
Audited by Snyk on Mar 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs copying and cloning the public dfinity/sns-testing GitHub repo ("SNS Configuration File" and "Local Testing with sns-testing" sections show git clone https://github.com/dfinity/sns-testing.git and "Copy the template from the dfinity/sns-testing repo"), so it fetches and relies on untrusted public third-party content that could influence configuration and subsequent tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs "git clone https://github.com/dfinity/sns-testing.git" and instructs using that repo's setup/tooling to deploy and initialize SNS canisters, meaning remote code from https://github.com/dfinity/sns-testing is fetched and executed at runtime and is a required dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about launching an SNS DAO including a decentralization swap: it defines and configures a Swap canister that "runs the decentralization swap (ICP for SNS tokens)", references the ICP Ledger ("handles ICP token transfers during swap"), includes swap parameters (min/max participation, caps, duration, vesting) and commands to check swap/ledger state (e.g., icp canister call SNS_SWAP_ID get_state, icp canister call sns_ledger icrc1_total_supply). These are specific crypto/asset operations (token transfers and token swap mechanics), not generic tooling. Therefore it grants direct financial execution capability.
Issues (3)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata