alchemy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's examples and API surface (e.g., references/features-nft.md showing alchemy.nft.getNftsForOwner, getNftMetadata and iterate via getNftsForOwnerIterator) clearly fetch and read public, user-generated NFT metadata and marketplace/sales data from third-party sources, which the agent is expected to interpret and could influence subsequent actions (e.g., simulate/send transactions or create webhooks).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an SDK for blockchain interactions and explicitly exposes transaction and asset-transfer functionality. The prompt lists "Transact — simulate asset changes/execution, send tx, private tx (Flashbots), cancel" and "Core Namespace — ... asset transfers," plus portfolio/notify features that work with wallets and transactions. These are specific crypto/blockchain operations for creating and sending transactions (i.e., moving funds/assets), so it grants direct financial execution capability.