haedal-hasui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md specifies calling the external Haedal Skills API (e.g., POST https://skillsapi.haedal.xyz/api/v1/hasui/get_unstake_tickets_list) and requires the agent to read and present the returned untrusted list[] entries (objectId, st_amount, etc.) and then use a selected objectId to drive a subsequent claim call, so third‑party content directly influences actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to perform blockchain financial operations on the Haedal Protocol (SUI): it exposes dedicated endpoints for stake, withdraw, withdraw_instant, get_unstake_tickets_list and claim. Those endpoints construct on‑chain transactions (returning txBytes) and require parameters such as address, amount, validator and NFTObj. This is a targeted crypto/DeFi execution interface (not a generic HTTP or browser tool) to move or claim funds on-chain, so it constitutes direct financial execution capability.