starknet-js

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs creating RpcProvider/Paymaster instances that connect to public RPC/paymaster URLs (e.g., RpcProvider.create({ nodeUrl: 'https://rpc.starknet.lava.build' }) and new PaymasterRpc({ nodeUrl: 'https://sepolia.paymaster.avnu.fi' })) and then directs the agent to read/interpret blockchain state (provider.getBlock, provider.getStorageAt, provider.simulateTransaction, getTransactionReceipt, parseEvents, getSupportedTokens, etc.), which are open/public third‑party sources whose content can directly influence transaction decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a Starknet SDK guide with explicit crypto transaction capabilities: it shows account creation with private keys, signing, sending and waiting for transactions (Account.execute, account.deployAccount, account.executePaymasterTransaction), ERC-20 operations including transfer and approve, fee estimation and tip settings, wallet integration (walletAccount.execute), and message signing. These are concrete, purpose-built blockchain financial operations (token transfers, fee payments, sponsored gas), not generic tooling. Therefore it provides direct financial execution authority.