initia-appchain-dev
Warn
Audited by Snyk on Mar 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching and building code from public third-party GitHub repos (e.g., SKILL.md Environment Setup Workflow step 4: "git clone --depth 1 https://github.com/initia-labs/minimove.git ...", and similar clones in EVM/WASM build steps), so untrusted external content is ingested and used in the runtime workflow and could materially alter subsequent tool behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). I flagged the runtime installer/clone URLs (e.g., git clone https://github.com/initia-labs/minimove.git, https://github.com/initia-labs/minievm.git, https://github.com/initia-labs/miniwasm.git and the curl-based installers like curl -L https://foundry.paradigm.xyz | bash and curl https://sh.rustup.rs | sh) because the skill's setup steps fetch remote repositories or run curl | sh installer commands at runtime, which download and execute remote code as required dependencies.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for blockchain development and operational tasks that create and broadcast transactions (i.e., move money/tokens). It contains concrete, non-generic transaction/payment operations and APIs: examples include `minitiad tx evm create` (EVM deployment/tx submission with `--from`), `minitiad tx move publish`, `bank send` formatting guidance, `requestTxSync`/`requestTxBlock` usage (including `autoSign: true` for silent signing), and helper scripts like `scripts/fund-user.sh`. These are specific crypto/blockchain transaction and signing capabilities (wallet/tx signing and broadcasting), not generic tooling, so it grants Direct Financial Execution authority.
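The three findings above are all pattern classes that can be checked before a skill is installed. As an added example (not Snyk's scanner and not code from the initia-appchain-dev skill), the following Python linter runs those checks over a skill's SKILL.md text: unpinned remote clones (W011), pipe-to-shell installers (W012) and the transaction-signing/broadcast operations named in the report (W009). The rule IDs are reused from this report; the regexes, the rule that a clone counts as pinned only if a 40-hex commit is checked out on the same line or the next two, the remediation text and the sample SKILL.md lines are assumptions (the sample reuses the commands quoted above plus a constructed, pinned clone of a hypothetical repository).

```python
"""Lint a skill's SKILL.md for the pattern classes flagged in this audit.

Added example, not Snyk's scanner or the skill's own code. Rule IDs come
from the report; regexes, the pin window and the sample text are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    text: str


# W012: `curl ... | sh`, `wget -O- ... | bash`, optionally through sudo.
PIPE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b")
# W011: clone of a remote repository. It counts as pinned only when the same
# line or the next two check out a full 40-hex commit; tags and branches are
# mutable refs, so `--branch v1.2.3` is not a pin.
GIT_CLONE = re.compile(r"\bgit\s+clone\b[^\n]*?(https?://|git@)\S+")
PINNED_CHECKOUT = re.compile(
    r"\bgit\s+(checkout|reset\s+--hard|switch\s+--detach)\s+[0-9a-f]{40}\b"
)
# W009: the transaction/signing operations named in the report.
MONEY_MOVE = re.compile(
    r"\b(minitiad\s+tx\b|bank\s+send\b|requestTx(Sync|Block)\b|autoSign\s*:\s*true\b)"
)

# Assumed remediation text, one line per rule.
REMEDIATION = {
    "W011": "pin the clone to a commit hash and verify `git rev-parse HEAD` before building",
    "W012": "download the installer to a file, verify its hash or signature, then run it",
    "W009": "require explicit human approval before signing; never set autoSign: true",
}


def scan_skill(text: str) -> list[Finding]:
    """Return findings in line order, at most one per rule per line."""
    lines = text.splitlines()
    findings: list[Finding] = []
    for i, line in enumerate(lines, start=1):
        if GIT_CLONE.search(line):
            window = "\n".join(lines[i - 1 : i + 2])  # this line plus the next two
            if not PINNED_CHECKOUT.search(window):
                findings.append(Finding("W011", i, line.strip()))
        if PIPE_TO_SHELL.search(line):
            findings.append(Finding("W012", i, line.strip()))
        if MONEY_MOVE.search(line):
            findings.append(Finding("W009", i, line.strip()))
    return findings


def counts(findings: list[Finding]) -> dict[str, int]:
    """Number of findings per rule ID."""
    out: dict[str, int] = {}
    for f in findings:
        out[f.rule] = out.get(f.rule, 0) + 1
    return out


# Constructed sample: the commands quoted in the report plus one pinned clone
# of a hypothetical repository (the commit hash is a placeholder).
SAMPLE_SKILL = """\
## Environment Setup Workflow (constructed sample)
git clone https://github.com/example/pinned-dep.git && cd pinned-dep && git checkout 0123456789abcdef0123456789abcdef01234567
git clone --depth 1 https://github.com/initia-labs/minimove.git
curl -L https://foundry.paradigm.xyz | bash
curl https://sh.rustup.rs | sh
## Deploy
minitiad tx evm create --from deployer
const res = await requestTxSync({ autoSign: true });
"""

if __name__ == "__main__":
    for f in scan_skill(SAMPLE_SKILL):
        print(f"{f.rule} line {f.line}: {f.text}\n    fix: {REMEDIATION[f.rule]}")
```

Run against the constructed sample, the pinned clone on line 2 produces nothing, the unpinned minimove clone is reported as W011, the two installers as W012, and the `minitiad tx` and `requestTxSync`/`autoSign: true` lines as W009. The check is deliberately textual: it does not prove a dependency is safe, it only surfaces where remote code or signing authority enters the workflow so a human can review those lines before the skill is enabled.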
Issues (3)
W011 MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009 MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata