openfort

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md) instructs the agent to use mcp__vocs__read_page, mcp__vocs__search_docs and source-reading tools against public documentation and repositories (via https://www.openfort.io/api/mcp and listed openfort-xyz / viem / wagmi sources), meaning it will fetch and interpret untrusted public third-party content that can influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly focused on Openfort SDKs for embedded wallets and stablecoins and mentions EVM and Solana wallets and "Fee Sponsorship" (pay transaction fees on behalf of users). These are crypto/blockchain wallet and transaction capabilities (signing/sending transactions and sponsoring fees), i.e., specific tools/APIs to move value rather than generic tooling. Therefore it provides direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 02:03 PM