starknet-identity

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly embeds and expects external, public URIs (e.g., tokenUri = "ipfs://..." for the full agent spec, validation request_uri/response_uri, fileuri fields, and the A2A agent card served at /.well-known/agent.json) that point to public IPFS/HTTP-hosted agent specs and reports which the agent is expected to read/interpret, exposing it to untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill contains explicit blockchain wallet and transaction operations: it uses Starknet Account objects with privateKey/signer, calls account.execute(...) to send on-chain transactions (register_with_metadata, set_metadata, give_feedback, validation_request, validation_response), waits for transaction receipts, and signs messages (ownerAccount.signMessage / computePoseidonHash). Those are concrete crypto/blockchain wallet and signing APIs. The A2A card also lists a "Token Swap" skill. Together these are specific crypto/blockchain execution capabilities (wallet signing and sending transactions), so this is Direct Financial Execution risk.