bob

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill exposes the agent to untrusted, user-generated on-chain content because it explicitly accesses the public Aptos blockchain via MCP commands (e.g., mcp__bob_aptos__aptos_view, mcp__bob_aptos__aptos_pending, aptos_transfer) which can return arbitrary third-party data the agent is expected to read/interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes blockchain wallet and transaction tools tied to an Aptos wallet (wallet: bob_aptos) and MCP commands that perform on-chain financial actions: mcp__bob_aptos__aptos_transfer (Transfer APT), mcp__bob_aptos__aptos_swap (swap tokens on DEX), mcp__bob_aptos__aptos_stake (stake with validator), plus approval/intent/pending endpoints. These are specific, purpose-built financial operations (sending funds, swapping tokens, staking) rather than generic tooling, so it grants direct financial execution authority.