near-connect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly loads and executes wallet executor scripts and manifests from external URLs (e.g., manifest: "https://my-server.com/wallets.json", executor fields like "https://mysite.com/near-executor.js", and registerDebugWallet/local executor URLs) into sandboxed iframes, meaning it ingests and renders untrusted third‑party code/UX hosted by arbitrary wallet providers.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and runs remote executor scripts at runtime (e.g., executor: "https://mysite.com/near-executor.js" and manifests like "https://my-server.com/wallets.json") which are loaded into sandboxed iframes and thus execute external code that directly controls wallet behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a NEAR blockchain wallet connector with built-in transaction signing and sending features. It exposes wallet interfaces and methods like signAndSendTransaction and signAndSendTransactions, includes examples calling ft_transfer, and integrates WalletConnect/various wallets. Those are specific crypto wallet and transaction execution capabilities (signing and sending on-chain transactions), which constitute direct financial execution authority.