midnight-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and example workflows (e.g., references/api-examples.md Example 4 "Delegate Proof Generation" and Example 5 "Query Blockchain Data", plus dapp-connector-api.getConfiguration usage) explicitly fetch and use external endpoints such as config.proverServerUri and public indexer URIs (e.g., https://indexer.testnet.midnight.network or a FetchZkConfigProvider('https://example.com')), and the agent consumes and acts on those responses (proof generation, choosing indexer/prover, transaction building/submission), so untrusted third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The Contract Deployment guide includes a direct install command that pipes a remote script to the shell ("curl ... | sh"), so the skill would fetch and execute remote code from https://github.com/midnightntwrk/compact/releases/latest/download/compact-installer.sh as a required dependency (Compact compiler installer).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly documents blockchain financial APIs: Wallet API (wallet creation, key management, transaction signing, coin selection), ZSwap API (private token transactions, transaction building/submission), Ledger API (transaction submission, gas estimation, balance queries), and DApp Connector methods like makeTransfer/makeIntent/submit. These are specific crypto wallet and transaction functions intended to move funds on-chain (signing, submitting, swapping), so it grants direct financial execution capability.