emblem-ai-agent-wallet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly lists external market and social-data providers (e.g., CoinGlass, DeFiLlama, Birdeye, LunarCrush, OpenSea, pump.fun, ChangeNow, PolyMarket) in the "Capabilities" and uses examples like "What's trending on Solana?" and trading workflows, which shows the agent fetches and interprets untrusted public/user-generated third‑party content that can influence trading/decision actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet/trading tool (Emblem Agent Wallet) that manages wallets across multiple blockchains and exposes direct transaction capabilities: sending tokens (e.g., "Send 0.1 ETH to 0x..."), swapping tokens ("Swap $20 of SOL to USDC"), trading (swaps, limit orders, conditional orders, stop-losses), signing transactions/messages, DeFi operations, cross-chain swaps, and programmatic agent mode for scripted execution. These are specific crypto/blockchain financial operations (wallet management, signing, transfers, swaps, market/order placement), which fit the "Direct Financial Execution" criteria. The presence of agent mode and CLI commands to perform sends/swaps confirms direct execution capability even if safe-mode requires user confirmation.