aave-viem-integration

Warn

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly reads public blockchain data via RPC endpoints (ENV vars like ETHEREUM_RPC_URL and fallbacks such as https://ethereum.publicnode.com) and its workflow (references/contract-read-write.md) requires reading user/account data (balanceOf, allowance, account data), which are untrusted, user-generated public sources that can materially influence transactions and tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for EVM/AAVE interactions and includes wallet client setup, reading ERC20 balances/allowances, read/write contract operations, and "simulating and sending contract transactions" — i.e., signing and submitting blockchain transactions. This is a specific crypto/blockchain execution capability (wallets, sending transactions), which meets the "Direct Financial Execution" criteria.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 06:09 AM