haedal-vehaedal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill calls the third‑party API endpoint get_vehaedal_list at https://skillsapi.haedal.xyz/api/v1/vehaedal to fetch arbitrary JSON about a user's veHaedal objects, which the agent is explicitly required to read/interpret and use (objectId selection) to decide and perform subsequent actions, exposing it to untrusted external content that could influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for cryptocurrency DeFi operations on the SUI blockchain (Haedal Protocol). It defines specific API endpoints for actions that move/manage tokens and create blockchain transactions: add_stake, add_to_existing_stake, extend_existing_lock, start_decay, stop_decay, unstake_and_claim, and claim_rewards. The request bodies require signerAddress and/or vehaedalObj and on success return txBytes (base64) — i.e., transaction bytes intended for signing/broadcast. This is a specific crypto/blockchain financial execution interface (not a generic tool), so it grants direct financial execution capability.