aoconnect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads and monitors AO messages and process results from Arweave/permaweb (via the result/dryrun/monitor commands and configurable MU/CU/GATEWAY URLs), which are public, user-generated third-party contents that the agent is expected to read and interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates with Arweave wallets (JWK) and the @permaweb/aoconnect library to sign and send on-chain messages. It provides commands and API functions (e.g., messageAo, spawnAo) that accept a walletPath and examples that show sending a "Transfer" message with Recipient and raw balance value. Those are concrete crypto/blockchain transaction capabilities (wallet signing and token transfer), which constitute direct financial execution authority.