meshjs-cardano

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill uses a BlockfrostProvider (e.g., provider.fetchAddressUTxOs) and processes on-chain data and NFT metadata/IPFS links, which are public, user-generated third-party content that the agent is expected to read and interpret at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for Cardano blockchain financial operations: it provides wallet connectors (CIP-30), transaction building APIs (Transaction.sendLovelace, sendAssets, mintAsset, redeemValue), calls to wallet.signTx and wallet.submitTx, and examples of submitting transactions and minting tokens. These are specific crypto/ blockchain transaction signing and submission capabilities (directly moving assets on-chain), not generic utilities. Therefore it grants Direct Financial Execution authority.