anoma-intents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests and interprets intents emitted on public blockchains (e.g., "Step 1: Create Intent on Aptos" with emit_intent and the AnomaObstructionSolver.match_intents consuming aptos_nullify intents), which are untrusted, user-generated on-chain data the agent reads as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about cross-chain blockchain intents and builds transactions that include payments/fees. It references Aptos, target chains, VCG payment computation, and constructs Transaction objects with Payment(...) entries (owner payment and solver_fee). It therefore defines specific crypto/blockchain transfer operations (including fee extraction) rather than a generic interface, so it grants direct financial execution capability.