multiversx-sharp-edges

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill includes examples that read and call arbitrary on-chain contracts and data (e.g., #[storage_mapper_from_address("key")] reading another contract's storage, proxy/DEX/provider async calls, and blockchain().get_esdt_token_data), which are untrusted third-party sources the agent would read/interpret at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about MultiversX smart-contract financial behavior and contains concrete, platform-specific APIs and examples that perform on-chain value transfer and transaction construction: e.g. self.tx().to(...).egld(&amount), .payment(&payments).transfer(), Payment::new(...), delegate() with egld, DEX swap calls returning back-transfers, and guidance on NonZeroBigUint/Payment types. These are not generic browser or HTTP examples but explicit blockchain payment/transfer primitives that directly move or manage tokens/EGLD, so it grants Direct Financial Execution Authority.