u

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill exposes the agent to untrusted third-party content by reading public on-chain data and user-provided contract state via MCP endpoints (e.g., mcp__world_u_aptos__aptos_view, aptos_pending, aptos_intent), which could include arbitrary user-generated content that the agent must interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes blockchain wallet and transaction tools for Aptos: a named wallet ("world_u_aptos") plus MCP functions like aptos_balance, aptos_transfer (Transfer APT), aptos_swap (DEX swaps), aptos_stake, and aptos_approve/aptos_pending for approving transactions. These are specific crypto/blockchain financial operations (moving funds, swapping, staking, approving transactions), so it grants direct financial execution capability.