starknet-tongo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly ingests public, user-generated on-chain data via the configured STARKNET_RPC_URL (RpcProvider) and Tongo SDK calls (e.g., tongo.state(), getTxHistory(), getEvents*, and provider.waitForTransaction) as shown in SKILL.md and scripts/demo-e2e.ts, and those on-chain values are read and acted upon (balance/pending checks, transaction handling), so untrusted third-party content can influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto payment/wallet integration for Starknet (Tongo protocol). It provides concrete operations to move funds: fund (ERC20 -> Tongo), transfer (confidential on-chain transfers), rollover, withdraw (Tongo -> ERC20), ragequit (full withdrawal), and outside_fund. It requires private keys, constructs and sends signed transactions via Starknet RPC/account.execute, and includes parameters for amounts and recipient addresses. These are specific, direct financial execution capabilities (crypto wallet/transaction APIs).