cardano-cli-plutus-scripts

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill includes cardano-cli queries (e.g., "cardano-cli conway query utxo" and "query protocol-parameters") that read public on-chain UTxO, datum, and protocol-parameter data (public blockchain content produced by arbitrary users), and the workflow expects those outputs to be inspected/interpreted as part of building transactions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about constructing, signing, and submitting Cardano blockchain transactions using cardano-cli (examples show building txs, selecting UTxOs, collateral, tx-in/tx-out, signing and submitting). These are specific crypto/blockchain wallet and transaction operations (moving ADA), not generic tooling. It therefore grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 09:22 PM