rocket-pool

Warn

Audited by Snyk on Apr 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill makes live requests to external, public third-party endpoints: the Rocket Pool APR API at https://api.rocketpool.net/api/apr in src/commands/apy.rs, and JSON-RPC calls to https://ethereum.publicnode.com via onchainos::eth_call in src/onchainos.rs, including dynamic resolution of contract addresses from RocketStorage in src/contracts.rs. It parses those untrusted responses and uses them to compute exchange rates, expected rETH/ETH outputs and liquidity warnings that feed transaction previews and decision points. External content therefore changes tool behavior, not just what is displayed: a manipulated API response, or an RPC endpoint returning a wrong rate or address, can shift the amounts the user is asked to confirm.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform crypto financial operations on Ethereum: it includes commands to stake ETH (deposit to RocketDepositPool) and to unstake by burning rETH for ETH, requires wallet login, and issues signed on-chain transactions through explicit calls such as onchainos wallet contract-call --chain 1 --to <...> --amt <WEI> --input-data ... (write operations). These are concrete wallet signing and broadcasting operations that move funds, not generic tooling, so the skill grants direct financial execution capability. Because the amounts shown before signing are derived from the untrusted inputs described in W011, the pre-signature confirmation is the only point at which a user can catch a bad value.
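The following is an added example in the skill's own language (Rust, standard library only); it is not code from the rocket-pool skill or from the audit. It sketches the check a reviewer would want for W011 and W009 together: the raw eth_call result word and the API-derived rate are both treated as untrusted, the ABI word is decoded strictly (no silent truncation), the rate is range-checked and the two independently fetched sources must agree within a tolerance, and only then are the expected and minimum rETH outputs derived for the user to approve before the contract-call is built. The names decode_uint_word, check_rate, stake_preview, StakePreview and Reject, the rate bounds, the tolerances and every input value are assumptions for illustration; the inputs are constructed, not live responses.

```rust
// Added example: not code from the rocket-pool skill or from the audit above.
// Hardening sketch for W011 + W009: values from api.rocketpool.net and from a
// JSON-RPC eth_call are untrusted until decoded strictly, range-checked and
// cross-checked; only then are they used to derive the amounts the user approves.
// All names and bounds below are hypothetical; inputs in main() are constructed.

const WAD: u128 = 1_000_000_000_000_000_000; // 1e18 fixed-point scale used by rETH rates
const BPS: u128 = 10_000; // basis points denominator

/// Assumed sanity bounds for the ETH-per-rETH rate (1e18 scale): a rate below
/// 1 ETH or above 2 ETH is treated as a corrupted or spoofed response.
const RATE_MIN: u128 = WAD;
const RATE_MAX: u128 = 2 * WAD;

#[derive(Debug, PartialEq)]
pub enum Reject {
    BadHex,
    WrongLength(usize),
    Overflow,
    OutOfRange(u128),
    Divergent { onchain: u128, api: u128 },
}

/// Strictly decode one 32-byte ABI word (the raw `result` of an eth_call) to u128.
/// Only "0x" + 64 hex digits is accepted, and the top 16 bytes must be zero so
/// the value is never silently truncated.
pub fn decode_uint_word(word: &str) -> Result<u128, Reject> {
    let hex = word.strip_prefix("0x").ok_or(Reject::BadHex)?;
    if !hex.is_ascii() {
        return Err(Reject::BadHex);
    }
    if hex.len() != 64 {
        return Err(Reject::WrongLength(hex.len()));
    }
    let mut bytes = [0u8; 32];
    for (i, b) in bytes.iter_mut().enumerate() {
        *b = u8::from_str_radix(&hex[2 * i..2 * i + 2], 16).map_err(|_| Reject::BadHex)?;
    }
    if bytes[..16].iter().any(|&b| b != 0) {
        return Err(Reject::Overflow);
    }
    Ok(bytes[16..].iter().fold(0u128, |acc, &b| (acc << 8) | u128::from(b)))
}

/// Accept the on-chain rate only if both sources are in range and agree within
/// `tolerance_bps`. Neither source is trusted on its own: a single spoofed
/// response cannot move the preview unless the other source agrees with it.
pub fn check_rate(onchain: u128, api: u128, tolerance_bps: u128) -> Result<u128, Reject> {
    for r in [onchain, api] {
        if !(RATE_MIN..=RATE_MAX).contains(&r) {
            return Err(Reject::OutOfRange(r));
        }
    }
    // Both operands are bounded by RATE_MAX, so these products cannot overflow u128.
    if onchain.abs_diff(api) * BPS > onchain * tolerance_bps {
        return Err(Reject::Divergent { onchain, api });
    }
    Ok(onchain)
}

#[derive(Debug, PartialEq)]
pub struct StakePreview {
    pub deposit_wei: u128,
    pub expected_reth: u128, // display only
    pub min_reth_out: u128,  // the figure the user approves before signing
}

/// Expected rETH (in rETH-wei) for `deposit_wei` at `rate`, and the minimum after
/// `slippage_bps`. All arithmetic is checked; a preview that cannot be computed
/// is an error, never a default value.
pub fn stake_preview(deposit_wei: u128, rate: u128, slippage_bps: u128) -> Result<StakePreview, Reject> {
    if rate == 0 {
        return Err(Reject::OutOfRange(rate));
    }
    if slippage_bps >= BPS {
        return Err(Reject::OutOfRange(slippage_bps));
    }
    let expected_reth = deposit_wei.checked_mul(WAD).ok_or(Reject::Overflow)? / rate;
    let min_reth_out = expected_reth.checked_mul(BPS - slippage_bps).ok_or(Reject::Overflow)? / BPS;
    Ok(StakePreview { deposit_wei, expected_reth, min_reth_out })
}

fn main() {
    // Constructed inputs, not live responses: an eth_call word for 1.1 ETH per rETH
    // and an API-derived rate 0.05% away from it.
    let word = format!("0x{:064x}", 1_100_000_000_000_000_000u128);
    let onchain = decode_uint_word(&word).expect("well-formed word");
    let api = 1_100_500_000_000_000_000u128;
    let rate = check_rate(onchain, api, 50).expect("sources agree within 50 bps");
    let preview = stake_preview(WAD, rate, 100).expect("preview");
    println!(
        "stake {} wei -> expect {} rETH-wei, approve no less than {}",
        preview.deposit_wei, preview.expected_reth, preview.min_reth_out
    );
    // A response claiming 1.5 ETH per rETH disagrees with the other source and is refused.
    let spoofed = 1_500_000_000_000_000_000u128;
    assert_eq!(check_rate(onchain, spoofed, 50), Err(Reject::Divergent { onchain, api: spoofed }));
}
```

The point of requiring agreement rather than picking one source is that W011 lists two untrusted channels (the APR API and the public RPC); with this check, either one being spoofed on its own yields a refusal instead of a changed preview, and the skill never reaches the contract-call step with a figure it could not validate.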

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 9, 2026, 05:44 AM
  • Issues: 2