token-minter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch RPC endpoints from the public URL https://chainlist.org/rpcs.json, which is a third-party, community-populated source that the agent is expected to read and interpret to choose an RPC, exposing it to untrusted external content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and deploy ERC20 tokens on EVM networks and includes concrete blockchain transaction steps. It requires a local cast wallet, RPC URL, account with funds for gas, and uses Foundry/cast commands to broadcast a deployment transaction (e.g., cast wallet new, forge create --rpc-url ... --account ... --broadcast). These are specific crypto/blockchain operations that sign and send transactions to move tokens/deploy contracts, so it provides direct financial execution capability.