jaw-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's ENS-resolution rule explicitly requires the agent to call the public JustaName records API (GET https://api.justaname.id/ens/v1/subname/records?ens={NAME}&providerUrl=...) as part of its mandatory workflow (rules/ens-resolution.md) and to parse that external response to determine transaction recipient addresses, which can directly change subsequent wallet actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides CLI commands and RPC methods for transacting and signing with crypto wallets: it documents sending ETH and ERC-20 tokens, batch transactions, using wallet_sendCalls and eth_sendTransaction, signing messages/typed data, managing permissions, configuring paymasters, and scripting wallet operations. These are specific crypto/wallet transaction capabilities (including APIs and a daemon/MCP transport) intended to move funds and sign transactions—i.e., direct financial execution.