wagmi

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's core actions (references/core-actions.md) and SKILL.md explicitly show the use of getEnsName, readContract, and other APIs that fetch public blockchain/ENS data via configured RPC transports (references/core-config.md). These are untrusted, user-controlled on-chain sources that the agent would read, and their content could materially influence subsequent tool use (e.g., deciding to call writeContract). The skill therefore exposes the agent to third-party content that could enable indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for Ethereum interaction: it provides wallet connectors (MetaMask, WalletConnect, Coinbase, Safe, EIP-6963), "connect wallet" primitives, and read/write contract APIs (useWriteContract, writeContract, useSimulateContract, useWaitForTransactionReceipt). These are specific blockchain wallet/transaction tools able to sign and send on-chain transactions (i.e., move crypto or execute asset-affecting contract calls). Per the rules, this is a direct crypto/blockchain financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 09:47 PM