cardano-cli-plutus-scripts-operator

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill invokes cardano-cli to query on-chain UTxOs (e.g., "cardano-cli conway query utxo --address $(cat script.addr) --testnet-magic 1") and consumes datum/redeemer and UTxO data from the public testnet/mainnet, which is user-generated, untrusted content that the agent must read and act on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to construct, sign, and submit Cardano blockchain transactions (cardano-cli transaction build / sign / submit), including selecting collateral UTxOs, specifying tx inputs/outputs, and using a signing key file. Those operations directly move ADA and execute Plutus script spends (i.e., on-chain value transfers). This is a specific crypto/blockchain transaction capability (not a generic tool), so it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 10:09 PM