tronweb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill documents APIs that fetch and act on data from arbitrary external node/event-server hosts (e.g., fullHost/eventServer in references/core-instance-setup.md and event APIs in references/features-events.md) and explicitly instruct agents to read responses that can change behavior (e.g., getSignWeight/getApprovedList in references/best-practices-multisig.md can return a modified transaction used for subsequent multiSign), which exposes the agent to untrusted third-party content that could influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a blockchain SDK (TronWeb) that explicitly provides wallet and transaction functions: setPrivateKey/setAddress, sign and broadcast transactions, sendTrx, sendToken, freeze/unfreeze, triggerSmartContract, signTypedData, and other transaction-building APIs. Those capabilities are specifically designed to create and execute on-chain transfers and manage crypto funds (wallet signing and broadcasting), which qualifies as direct financial execution.