ika-move

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required TypeScript and Move workflows explicitly ingest and act on public, user-generated blockchain and transaction data (e.g., calls like ikaClient.getDWalletInParticularState, getPresignInParticularState, extracting encrypted share IDs from transaction events, and using public Sui JSON-RPC via getJsonRpcFullnodeUrl), and those untrusted third-party contents are read/interpreted to decide protocol steps (acceptEncryptedUserShare, request_sign/execute), so they can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for blockchain wallet and signing operations. It defines dWallet creation (DKG), key import, presigning, direct signing and two-phase (future) signing APIs, coordinator methods like request_sign_and_return_id, request_imported_key_sign_and_return_id, request_sign_with_partial_user_signature_and_return_id, and treasury contract patterns that hold IKA/SUI balances, withdraw coins, and execute signed actions. These are specific crypto/blockchain wallet and signing primitives (including managing on-chain coins and contract-owned signing) which constitute direct financial execution capability.