graphlinq

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md instructs the agent to call external APIs via Membrane (e.g., "membrane action list" and "membrane request CONNECTION_ID /path/to/endpoint") to fetch GraphLinq Protocol action objects and API responses, which are third-party/untrusted content the agent must read and use to choose and run actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill integrates with GraphLinq Protocol — a blockchain-focused automation platform explicitly described as used by "traders" to implement "trading strategies" and that exposes concepts like "Account" and "Wallet." The integration exposes running connector actions and a proxy for arbitrary API endpoints (including POST/PUT), and uses Membrane to handle authenticated connections. Those capabilities enable wallet operations and on-chain transaction or trading actions (i.e., sending transactions, swaps, or executing orders) rather than just generic browsing or HTTP requests. Because the connector is specifically targeted at blockchain trading/wallet workflows, it provides direct financial execution capability.