multiversx-dapp-frontend

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill uses ApiNetworkProvider to query public MultiversX API endpoints (e.g., "https://devnet-api.multiversx.com") and parses smart-contract query responses with ResultsParser, which means it ingests on-chain/public third-party (user-generated) content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for blockchain financial operations: it integrates MultiversX wallet authentication and transaction signing, builds and signs transactions (EGLD transfers, ESDT/token transfers), sends transactions via TransactionManager.send, supports batch/sequence transactions, token payments to smart contracts, and uses wallet providers (Ledger, xPortal, WalletConnect). These are specific crypto/transaction APIs that move value on-chain (i.e., direct financial execution).