cairo-auditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs a Threat Intel Enrichment pass (Turn 2.5) that uses curl to fetch up to 6 external public sources (official audit reports, vendor writeups, etc.) and then appends the normalized signals into agent prompts (Agents 1–4 and Agent 5) as "Threat Intel (hints only)", so the agent reads and may prioritize actions based on untrusted third‑party web content fetched at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit blockchain wallet/signing and transaction APIs. The Starknet.js example creates an Account with an address and PRIVATE_KEY/signer and performs a state-changing probe via contract.invoke(...) and provider.waitForTransaction(...). That is direct crypto/blockchain transaction signing/execution capability (wallet signing & sending transactions), which meets the "Crypto/Blockchain (Wallets, ... Signing)" criterion for Direct Financial Execution.