ethereum-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill clearly reads public, user-generated blockchain data (e.g., createPublicClient({ chain: mainnet }) and client.getStorageAt(...) and cast --rpc-url $RPC / event subscriptions in SKILL.md), so the agent is expected to fetch and interpret untrusted third‑party on‑chain content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly focused on Ethereum development and includes concrete examples and APIs for constructing and submitting blockchain transactions. It provides EIP-1559 transaction example code using createWalletClient and client.sendTransaction, guidance on fee estimation, nonce management, transaction mechanics, and RPC methods. Those are specific crypto/blockchain capabilities (wallet client and sending transactions), not generic tooling, and therefore constitute direct financial execution capability.