ton-blueprint

Warn

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's verify workflow (references/features-verify.md) explicitly fetches verifier config from the public URL https://raw.githubusercontent.com/ton-community/contract-verifier-config/main/config.json and may look up addresses via dton.io GraphQL and verifier.ton.org, meaning the agent ingests untrusted public third-party content that it must read and act on during verification.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a TON blockchain development environment with explicit, specific blockchain transaction and wallet integration features. It references deploy flows via TonConnect, deeplink, and mnemonic (wallet signing/authentication), NetworkProvider fields like sender, api, waitForLastTransaction, and wrapper methods such as sendDeploy. These are concrete APIs/functions to create, sign, and send blockchain transactions (deploy contracts and interact with the chain), which constitute direct crypto/financial execution capability.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 08:58 AM