starknet-anonymous-wallet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — parse-smart.js (and scripts/_tokens.js) fetches AVNU token lists via fetchVerifiedTokens and parse-smart.js also retrieves on‑chain ABIs through RpcProvider.getClassAt (using public RPC URLs like https://rpc.starknet.lava.build), and those external, public sources are returned as ABI/token context that the LLM is explicitly instructed to use to build execution plans, so manipulated public content could indirectly change tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto financial operations on Starknet. It includes account/wallet creation (Typhoon flow), private-key signing via Account/Signer, direct contract write/invoke functionality (invoke-contract.js), on-chain swap execution flows (avnu-swap.js) and AVNU SDK calls such as getQuotes/executeSwap. It also describes signing/sending transactions and waiting for receipts (provider.waitForTransaction), preflight fee estimates, allowance checks, and conditional watch+execute automations. These are specific blockchain wallet and swap APIs that move funds on-chain, not generic tooling, so it grants direct financial execution capability.