moralis

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's documentation and examples show the agent fetching public, user-generated blockchain and metadata (e.g., NFT/token metadata, wallet transactions and on-chain data) via the Moralis Web3 Data API and Cortex (see references/core-wallet-token-nft.md, references/core-web3-data-api.md, and references/features-moralis-cortex.md), which are untrusted third‑party sources the agent is expected to read and could materially influence its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly includes runtime commands to install/run the Moralis MCP server via npx (https://www.npmjs.com/package/@moralisweb3/api-mcp-server), which will fetch and execute remote code and, acting as an MCP transport, can control the agent's prompts and instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Web3 API focused on wallets, tokens, and transactions. Its description lists "Wallet, Token & NFT | Balances, transfers, metadata, prices" and includes an Auth API for wallet sign-in (EIP-4361). Those capabilities (wallet transfers and wallet signing/auth) are specific crypto/blockchain functions that enable sending/signing transactions — i.e., direct financial execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 09:46 PM