tonweb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly uses an HttpProvider to fetch data from the public TonCenter API (e.g., SKILL.md "Provider (API endpoint)" and core-http-provider.md) and documents workflows that parse get-method results, transactions, BOCs, and off-chain NFT URIs (e.g., parseTransferQuery, HttpProviderUtils.parseResponse), meaning the agent ingests untrusted, user-generated on‑chain/off‑chain content from third‑party endpoints which can materially influence subsequent actions like parsing results, fee estimation, and sending BOCs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a blockchain wallet SDK (TonWeb) with explicit APIs for creating/deploying wallets, sending transfers, sendBoc, getBalance, wallet methods (transfer, seqno), jetton (token) transfer/burn, payment channels, subscription contract pay, and Ledger integration (getPublicKey, sign, transfer). These are specific-purpose crypto/financial operations (signing and sending transactions, moving funds), so it grants direct financial execution capability.