emblem-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public, untrusted project and token metadata (including external metadata JSON URIs and images) from Migrate.fun via the migratefun hooks/endpoints (see references/migratefun-react.md — useProject, useMintInfo, ProjectSelect and the API endpoints /metadata/{id}, /mint-info/{id}), and that fetched content is used in the normal workflow and UI where it can influence migration, display, or subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provisions full-featured crypto wallets, provides transaction signing adapters (EVM, Solana, Bitcoin PSBT, etc.), and exposes trading/swaps, limit orders, and DeFi operations. The Agent Wallet CLI can auto-generate agent wallets and prepare/execute transfers (examples: "Prepare a transfer of 0.1 SOL..." and trading/swap workflows). These are specific crypto/blockchain signing and transaction execution capabilities — i.e., tools to move money.