wormhole

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow instructs fetching and interpreting signed VAAs and query responses from public guardian APIs/Wormholescan and an internet-facing CCQ proxy (see references/core-vaa-and-messaging.md "Usage" which cites fetching signed VAA from guardian public RPC or Wormholescan, and references/features-queries-ccq.md describing REST proxy forwarding guardian responses), which are untrusted third-party sources whose content can materially affect actions like submitting VAAs, repairVaa, or governance-related commands.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets blockchain token-bridge functionality. It lists Token Bridge operations and payloads (attestToken, transfer, completeTransfer, createWrapped) and describes cross-chain messaging, VAAs, and guardian/guardian-set operations — all specific crypto primitives used to move or reconstitute tokens across chains. This is not a generic toolset (like a browser or HTTP caller); it is specifically designed to perform crypto asset transfers and related signing/consensus actions. Therefore it grants direct financial execution capability.