cast

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly queries and ingests data from public third-party sources: openchain.xyz in references/4byte-commands.md, Etherscan and other block explorers in references/code-commands.md and utility-commands.md (creation-code and source lookups), and arbitrary JSON-RPC endpoints via the --rpc-url option. It expects the agent to read and interpret those responses (function signatures, contract source, RPC results) as part of normal workflows. None of that content is authored by the user or the skill, so instructions embedded in it can materially change the agent's subsequent tool use or decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for blockchain financial operations: it lists "sending transactions" and "wallet management", and it shows concrete examples (e.g., cast send ... --private-key $PK with a transfer(...) call) that sign and submit on-chain transfers. Wallet management and transaction submission are capabilities that can move funds, so the skill holds direct financial execution authority.
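An added policy gate for the capability this finding describes (example code written for this page, not part of the audited skill or of cast): every cast command the agent proposes is inspected before it reaches a shell, and is blocked if it carries key material on the command line or targets an RPC endpoint outside an allowlist, held for human approval if it signs or broadcasts, and allowed unattended only for read-only calls. The flags it recognises (--rpc-url, --private-key, --mnemonic, --keystore, --ledger, --trezor and the ETH_RPC_URL variable) are real cast options; the allowlist, the boolean-flag table and the three verdicts are this example's own assumptions.

```python
"""Policy gate for cast invocations proposed by an agent.

Added example; not code from the audited skill or from Foundry's cast. It
inspects argv only, so it runs without cast or a network. ALLOWED_RPC,
BOOL_FLAGS and the verdicts are assumptions of this example.
"""
from dataclasses import dataclass, field

# Assumed allowlist: the only JSON-RPC endpoints the agent may talk to.
ALLOWED_RPC = {"http://127.0.0.1:8545", "https://rpc.internal.example"}
# Subcommands that sign or broadcast, and JSON-RPC methods that do the same
# when reached through `cast rpc`.
SIGNING_SUBCMDS = {"send", "mktx", "publish"}
WRITE_RPC_METHODS = {"eth_sendTransaction", "eth_sendRawTransaction"}
# Flags that put key material on the command line (and in the process list).
SECRET_FLAGS = {"--private-key", "--mnemonic"}
# cast flags that take no value; any other "--flag" is assumed to consume one.
BOOL_FLAGS = {"--unlocked", "--json", "--legacy", "--ledger", "--trezor",
              "--async", "--interactive", "--aws"}


@dataclass
class Decision:
    verdict: str                 # "allow" | "approve" | "block"
    reasons: list = field(default_factory=list)


def _parse(args):
    """Split argv into {flag: value} and positional tokens."""
    flags, positional, i = {}, [], 0
    while i < len(args):
        tok = args[i]
        if tok.startswith("--"):
            if "=" in tok:
                key, val = tok.split("=", 1)
            elif tok in BOOL_FLAGS or i + 1 >= len(args):
                key, val = tok, ""
            else:
                key, val = tok, args[i + 1]
                i += 1
            flags[key] = val
        else:
            positional.append(tok)
        i += 1
    return flags, positional


def gate(argv, env=None) -> Decision:
    """Decide whether an agent-proposed cast command may run unattended."""
    env = env or {}
    if not argv or argv[0] != "cast":
        return Decision("block", ["not a cast invocation"])
    flags, pos = _parse(argv[1:])
    sub = pos[0] if pos else ""
    reasons = []
    for flag in SECRET_FLAGS:
        if flag in flags:
            reasons.append(f"{flag} exposes key material; use --keystore, --ledger or --trezor")
    rpc = flags.get("--rpc-url", env.get("ETH_RPC_URL"))
    if rpc is None:
        reasons.append("no --rpc-url or ETH_RPC_URL: endpoint is unpinned")
    elif rpc not in ALLOWED_RPC:
        reasons.append(f"RPC endpoint {rpc!r} is not allowlisted")
    if reasons:
        return Decision("block", reasons)
    signs = (sub in SIGNING_SUBCMDS
             or (sub == "rpc" and len(pos) > 1 and pos[1] in WRITE_RPC_METHODS)
             or (sub == "wallet" and len(pos) > 1 and pos[1] == "sign"))
    if signs:
        return Decision("approve", [f"cast {' '.join(pos[:2])} signs or broadcasts; needs a human"])
    return Decision("allow")
```

The endpoint allowlist matters for reads as much as for writes: an arbitrary --rpc-url can return fabricated balances, code or receipts, which is the same third-party-content problem as W011 above, and for writes it also sees the signed transaction before anyone else.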

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 01:51 PM