web3-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill includes mainnet forking and RPC calls (e.g., process.env.MAINNET_RPC_URL and the Alchemy URL in vm.createSelectFork) and explicitly reads/interacts with live on-chain contracts like DAI and Uniswap, which are public, user-generated third-party data sources that the agent will ingest during testing.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly focused on Web3/blockchain testing and includes concrete examples of sending transactions and interacting with on-chain assets: token.transfer calls, impersonating accounts to move tokens, mainnet forking to interact with Uniswap (swaps), and a Hardhat network config that uses a PRIVATE_KEY for accounts. These are specific crypto/blockchain actions (wallet signing, transfers, swaps) rather than generic tooling, so it grants direct financial execution capability.