starknet-wallet

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches token metadata from a public third-party service (the avnu SDK / AVNU API via calls like fetchTokenByAddress and fetchVerifiedTokenBySymbol shown in scripts/check-balance.ts and scripts/check-balances.ts, and described in SKILL.md). That untrusted, token-owner-provided data is used at runtime to resolve token addresses and decimals, which directly affect balance queries, formatting and transaction targets, so external content can influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Starknet wallet designed to move crypto assets. It defines tools and APIs for sending tokens (starknet_transfer), executing token swaps (starknet_swap, starknet_get_quote, AVNU integration), invoking state-changing contract functions (starknet_invoke_contract, multi-call, approve/transfer), and estimating/paying fees (paymaster/gasless modes). It requires account private keys and RPC endpoints and supports session keys for autonomous (pre-approved) transactions. These are specific crypto/wallet operations (not generic tooling) that can directly execute financial transactions on-chain.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 11:29 AM