blockchain-expert

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The Web3Client code (e.g., the constructor using an arbitrary rpcUrl and callContract/getBalance methods) directly reads data from public blockchain nodes and smart contracts — untrusted, user-generated on-chain content (contract return values, events, token metadata) that the agent would parse and act on, enabling indirect prompt injection risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for cryptocurrency financial operations. It includes smart contracts that mint tokens, perform transfers, staking, and AMM swaps (on-chain fund movements), and a Web3 client with explicit wallet integration and a sendTransaction(to, amount) function that constructs and broadcasts transactions and returns a transaction hash. These are specific crypto/payment execution capabilities (wallet connect, signing, sending transactions, contract interactions), so it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:51 PM