web3-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's tests explicitly fork and query the public Ethereum mainnet via RPC (e.g., vm.createSelectFork("https://eth-mainnet.alchemyapi.io/v2/...") and network.provider.request with jsonRpcUrl = process.env.MAINNET_RPC_URL in the mainnet-forking examples), which ingests untrusted, user-generated on-chain content that the agent reads and acts on as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for Web3 smart contract testing and includes concrete blockchain transaction capabilities: Hardhat network configs with accounts using process.env.PRIVATE_KEY, unit tests that call token.transfer, mainnet forking and interacting with live ERC-20 contracts (DAI), and Foundry cheatcodes (vm.prank, vm.deal, createSelectFork) that enable signing/impersonation and executing on-chain actions. These are specific crypto/blockchain operations (signing/transacting/interacting with tokens), not generic tooling, so it grants direct financial execution capability.