ercdata

Warn

Audited by Snyk on Feb 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's CLI and code call the on-chain contract's getData() via the Base mainnet RPC (DEFAULT_RPC https://mainnet.base.org / DEFAULT_CONTRACT) and decode/print entry.data, meaning the agent can fetch and interpret arbitrary public on-chain/user-provided data entries.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly interacts with the Base (Ethereum-compatible) mainnet and requires a private key (ERCDATA_KEY) plus a funded wallet for gas. Its commands (e.g., store, grant-access, revoke-access, register-type, snapshot) are implemented via web3/eth-account and will create and sign on-chain transactions. Because it provides specific blockchain transaction signing/sending capability (wallet key usage and RPC to Base), it enables direct crypto/blockchain financial execution (paying gas, signing transactions). Therefore it meets the "Direct Financial Execution" criterion.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 14, 2026, 06:02 PM