midnight-compact
Warn
Audited by Snyk on Apr 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The guide includes a runtime installation command that pipes remote shell code to sh — curl https://github.com/midnightntwrk/compact/releases/latest/download/compact-installer.sh | sh — which fetches and executes remote code and is presented as a required dependency for building/deploying, so it is a high-confidence risky external dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly focused on building and deploying blockchain smart contracts for financial use: it documents ledger operations (read/write/insert/lookup), token and DeFi contract examples (private token, Zswap integration, confidential trading), "blockchain interaction primitives" in the standard library, cryptographic/elliptic-curve operations, TypeScript interop for calling circuits, and deployment scripts for testnet/mainnet. Those elements constitute specific crypto/blockchain capabilities (contracts that transfer/manage tokens, integrate with swaps, and scripts to deploy/execute on-chain), which enable direct financial execution.
Issues (2)
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).