b

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill can read arbitrary public on-chain data (user-generated smart contract/state content) via the mcp__world_b_aptos__aptos_view call, exposing the agent to untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes blockchain wallet and transaction functions tied to an Aptos wallet ("Wallet: world_b_aptos") and an MCP namespace. The listed MCP tools include aptos_transfer (Transfer APT), aptos_swap (DEX token swaps), aptos_stake (staking with validator), and aptos_approve/aptos_pending which are transaction/approval controls. These are specific crypto/financial execution capabilities (sending funds, swapping tokens, staking), not generic utilities—so it grants direct financial execution authority.