vara-wallet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly connects to public network endpoints (e.g., wss://testnet.vara.network, wss://rpc.vara.network) and includes workflows that read and subscribe to on-chain program state, mailbox messages, and events (see "watch", "subscribe mailbox", "inbox read", and the "message send" / "wait" examples), which are user-generated/untrusted third‑party content that the agent is expected to parse and act on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a blockchain wallet/CLI for the Vara Network and includes direct on-chain financial operations: transferring VARA ($VW transfer), fungible token transfers ($VW vft transfer, vft transfer-from), token approvals/mint/burn, DEX swaps ($VW dex swap), issuing vouchers/funding accounts, signing with wallet keys ($VW --account ... sign), and submitting transactions/extrinsics ($VW tx, message send, call with --value). These are specific crypto/blockchain wallet and transaction functions that can move funds and sign financial actions — not generic tooling. Therefore it grants direct financial execution authority.