alice

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill reads public on-chain and user-generated data via its MCP Aptos endpoints (e.g., mcp__alice_aptos__aptos_view, aptos_balance, aptos_pending) which the agent is expected to fetch and interpret, exposing it to untrusted third-party content that could carry indirect prompt-injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill explicitly exposes blockchain transaction functions tied to an Aptos wallet (alice_aptos). The listed MCP tools include aptos_transfer (transfer APT), aptos_swap (DEX token swaps), aptos_stake (staking with a validator), and aptos_approve (approve/reject decisions). These are specific crypto/financial execution operations (wallet transfers, swaps, staking and approvals), not generic tooling, and therefore constitute direct financial execution capability.