cardano-mcp-transactions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Transaction sources explicitly accept unsigned CBOR from external dApp APIs / public sources (e.g., "dApp API | Capture from mint/swap API response") and requires the agent to decode and interpret that CBOR to produce the structured preview before submitting, so untrusted third-party content can materially influence submission decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to sign and submit Cardano blockchain transactions. It exposes a submit_transaction tool that accepts unsigned transaction CBOR, the MCP server signs with the wallet seed and broadcasts the tx, and the docs repeatedly warn this is a "high-risk" sign+submit flow. This is a direct crypto/blockchain execution capability (wallet signing + on-chain submission), not a generic tool — therefore it grants direct financial execution authority.