v

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill exposes the agent to untrusted, public on-chain and user-generated data via MCP commands such as mcp__world_v_aptos__aptos_view and mcp__world_v_aptos__aptos_pending which the agent is expected to read/interpret at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes Aptos blockchain financial operations: mcp__world_v_aptos__aptos_transfer (transfer APT), mcp__world_v_aptos__aptos_swap (DEX token swaps), mcp__world_v_aptos__aptos_stake (staking with validator), plus a named Wallet (world_v_aptos) and balance/approve endpoints. These are specific crypto/wallet/transaction functions intended to move or manage funds (not generic tooling), so it meets the Direct Financial Execution criteria.