arweave
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's documentation explicitly describes using public Arweave gateways and HTTP endpoints (e.g., GET /tx/{id}/data.html in references/features-http-api.md and path manifest serving in references/features-path-manifests.md) to fetch and serve arbitrary public transaction content and site assets from the open Arweave network. That content is user-provided and untrusted, and could contain executable instructions that influence subsequent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exposes Arweave node/gateway APIs that include wallet and balance endpoints, the transaction structure (target, quantity, signature), POST tx (submit transactions), and an internal API for wallet generation and unsigned transactions. These are explicit crypto/blockchain capabilities (creating, signing and posting AR transactions and managing wallets), which constitute direct financial execution authority.