compose
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on public, user-generated on-chain event data via the onchain_event trigger (see "Onchain event listener" and TaskContext examples where raw params.log is decoded with evm.decodeEventLog and then used to drive actions), so untrusted third-party content can influence task behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The Quickstart instructs running "curl https://goldsky.com | sh", which fetches and executes remote code at install/runtime, and the skill's CLI mode depends on the goldsky CLI, so https://goldsky.com is a runtime external dependency that executes remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides crypto/blockchain transaction capabilities: it exposes evm.wallet (smart managed wallets and BYO EOAs with private keys), wallet.writeContract calls, gas sponsorship, and onchain write triggers. These are specific tools to sign and send on-chain transactions (manage wallets, sponsor gas, and perform writes), which constitute direct financial execution authority in the crypto domain.
Issues (3)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata