pasp
Warn
Audited by Snyk on Feb 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill queries the public Arweave GraphQL endpoint (https://arweave.net/graphql) and fetches post/profile/thread content from the Arweave gateway (https://arweave.net/), which are public, user-generated permaweb posts and comments that the agent parses and renders—exposing it to untrusted third-party content that could carry indirect prompt injection.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The PASP skill explicitly requires and uses an Arweave wallet (JWK) for signing transactions (profiles, posts, comments, follows). It supports direct Arweave uploads that consume AR tokens, exposes commands to check wallet/turbo balances and upload costs, and provides a purchase URL/workflow for buying Turbo credits. These are explicit crypto/blockchain wallet and signing operations (on-chain transactions and balance management), which qualify as direct financial execution capability under the crypto/wallet/signing criterion.