ton-http
Warn
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). SKILL.md and references/core-api-overview.md explicitly direct the agent to call and parse public TON Index / TonCenter endpoints (e.g., https://toncenter.com/api/v3/, the Swagger UI, and doc.json), which return untrusted, user-generated blockchain data that the agent is expected to read and that can materially influence subsequent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exposes explicit blockchain transaction and payment endpoints for the TON network (e.g., POST /sendBoc, /sendBocReturnHash, POST /api/v3/message, POST /api/v3/estimateFee, jetton transfer/burn endpoints, multisig wallet/orders, wallet states). These endpoints are specifically intended to create and send transactions, transfer tokens/jettons, and manage multisig orders, that is, to move value on-chain. This meets the "Send Transaction"/payment gateway/crypto criteria for Direct Financial Execution.
Audit Metadata