near-api-js

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill demonstrates reading arbitrary on-chain and web-hosted data via public NEAR RPC endpoints (e.g., https://rpc.mainnet.near.org, https://test.rpc.fastnear.com) using provider.callFunction / contract.view (e.g., guestbook.get_messages, viewContractState) and even relayer HTTP endpoints (relayer.example.com), which are untrusted, user-controlled third-party sources the agent would parse.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a blockchain SDK (near-api-js) for interacting with the NEAR network and contains multiple, specific APIs and functions for creating, signing, and sending transactions that move value. Examples include account.transfer (NEAR and FT/USDT transfers), account.signAndSendTransaction, provider.sendTransaction, actions.transfer, actions.functionCall with deposits, manual transaction signing flows, adding access keys with allowances, deleting accounts while transferring remaining NEAR, and relayer/meta-transaction patterns. These are direct crypto/blockchain financial execution capabilities (wallet management, signing, and sending on-chain transfers), so it meets the "Direct Financial Execution" criteria.