arweave

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's query command explicitly fetches public, user-generated content from the Arweave blockchain via GraphQL endpoints (e.g., https://arweave.net/graphql and https://arweave-search.goldsky.com/graphql) as described in SKILL.md, and those query results are intended to be read/used by the agent and could influence follow-up actions like selecting TX IDs to attach.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly handles a cryptocurrency wallet (Arweave JWK), performs local signing of transactions, and can spend AR tokens to upload files/sites and attach transactions to ArNS names. Commands (upload, upload-site, attach) create and send blockchain transactions, include wallet path arguments, and the doc discusses estimating costs, confirmations, and insufficient-balance errors. These are direct crypto transaction capabilities (wallets/signing/spending), so it grants direct financial execution authority.