sui-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skills explicitly instruct runtime fetching and use of public, user-generated on-chain data (e.g., Sui fullnode gRPC/GraphQL endpoints like https://fullnode.testnet.sui.io:443 and https://graphql.testnet.sui.io/graphql and APIs such as SuiGrpcClient/client.getBalance/client.getOwnedObjects and coinWithBalance) in the sui-frontend and sui-ts-sdk SKILL.md files, which the agent is expected to read/interpret to build and execute transactions and thus can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for Sui blockchain development and includes concrete crypto/transaction capabilities: PTB/Transaction construction (Transaction, moveCall, splitCoins, coinWithBalance), SuiClient/SuiGrpcClient usage, keypair signing, and "transaction execution". The frontend sub-skill also exposes wallet connection and hooks like useSignAndExecuteTransaction. These are specific blockchain wallet/transaction signing and execution APIs (i.e., direct capabilities to move crypto on-chain), so this qualifies as direct financial execution.