tonapi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill makes live requests to public TonAPI endpoints (e.g., https://tonapi.io /v2/accounts, /v2/events, /v2/nfts, SSE endpoints like /v2/sse/..., and the webhooks API at rt.tonapi.io) and the required scripts and SKILL.md show the agent reads and acts on those responses (streaming, emulation, send message, gasless/send, webhook subscription), so untrusted, user-generated third‑party content can influence subsequent tool use and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a purpose-built TON blockchain API client (TonAPI) with explicit transaction and wallet operations. It includes commands to send messages/transactions (blockchain.sh --action send with BOC), gasless transaction sending (gasless.sh --action send), multisig order management, jetton transfer payloads, wallet operations (seqno, TonConnect, emulate/send), and other token/staking transfer-related endpoints. These are specific crypto/blockchain capabilities that can move value on-chain, so this is direct financial execution authority.