starknet-js

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to external RPC endpoints (e.g., RpcProvider.create with nodeUrl in SKILL.md and the scripts/account-example.ts which reads STARKNET_RPC_URL) and consumes blockchain state/transaction data from these public third-party providers as part of its workflow, so untrusted remote content can be read and influence transaction/decision logic.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a Starknet SDK guide with explicit crypto transaction capabilities: it shows account creation with private keys, signing, sending and waiting for transactions (Account.execute, account.deployAccount, account.executePaymasterTransaction), ERC-20 operations including transfer and approve, fee estimation and tip settings, wallet integration (walletAccount.execute), and message signing. These are concrete, purpose-built blockchain financial operations (token transfers, fee payments, sponsored gas), not generic tooling. Therefore it provides direct financial execution authority.