cardano-devnet-in-a-box

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly clones and runs the upstream public GitHub repo "cardano-scaling/hydra" (into devnet-in-a-box/.vendor/hydra) and instructs the agent to run upstream demo scripts and read their outputs/logs, which exposes the agent to arbitrary public, user-maintained third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Cardano blockchain devnet harness: it provides cardano-node + cardano-cli, Ogmios (for chain sync and tx submission), Kupo (UTxO indexing), and Hydra (L2 heads). The docs explicitly state you can "build/sign/submit real transactions", create/spend ADA UTxOs, and push L2 transactions. These are specific crypto/blockchain transaction and signing capabilities (not generic tooling), so it grants direct financial execution authority.