seed-hypermedia

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill fetches and renders arbitrary public Seed Hypermedia content (e.g., "get ", "search", "comments " using hm:// URLs and the default server https://hyper.media or user-specified servers), so the agent will read and interpret untrusted, user-generated third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes explicit crypto key management features: commands to generate/import signing keys from mnemonics, list/show/remove keys, set a default signing key, and derive account IDs. These are specific blockchain/wallet signing capabilities (mnemonic import/derive and signing keys) that enable signing/authorization of on‑chain actions or payments. That meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution authority.