ERC-8004 Register
Warn
Audited by Snyk on Feb 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill fetches and decodes arbitrary HTTP(S) tokenURI JSON and image URLs (decode_data_uri and image HEAD checks in validate_agent_data) and also queries the public Agentscan API in cmd_self_check, thereby ingesting and interpreting untrusted, user-generated content from the open web.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain actions (register, update, fix) against a smart contract and requires blockchain wallet credentials (mnemonic or private key). It lists the contract address, uses web3/eth-account, and provides CLI commands that will create and sign transactions on supported chains. This is specific crypto/blockchain signing and transaction functionality (not a generic tool), so it grants direct financial execution capability.