dojo-client

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's "Querying Entities" and "Subscribing to Changes" sections show it fetching entity data via sdk.getEntities and sdk.subscribeEntityQuery (backed by the Torii indexer/world RPC), which ingests untrusted/user-generated third-party world data and processes it in callbacks and UI logic that can influence agent/client actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates blockchain wallet/account tooling and transaction execution. It references Starknet libraries and connectors (e.g., @starknet-react, starknet, ControllerConnector/@cartridge/connector), shows connect/disconnect and useAccount hooks, and demonstrates calling client.actions.spawn({ account }) / "Transaction handling" in engine integrations. These are specific crypto/blockchain wallet and transaction APIs (wallet/account connection and on-chain action execution), not generic tooling — therefore it grants direct financial execution capability.