walletconnect

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The skill explicitly accepts and pairs arbitrary wc: URIs (references/core-pairing-uri.md shows using client.pair({ uri }) / display_uri) and processes incoming session_request payloads (references/core-sign-client.md shows client.on("session_request", ...) and client.request/respond flows). It therefore ingests untrusted user-generated pairing/QR URIs and subsequent JSON-RPC requests that can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a WalletConnect integration: it provides Sign Client functionality (connect, approve, request, respond, disconnect), Universal Provider (multi-chain, request, setDefaultChain), an Ethereum Provider (EIP-1193), signer connection primitives, and a Pay SDK including confirmPayment/getPaymentOptions/getRequiredPaymentActions. These are specific, crypto-oriented APIs for connecting wallets and signing/sending transactions and confirming payments — i.e., directly authorizing/moving funds on-chain or initiating payments. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category of direct financial execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 09:47 PM