Warn
Audited by Snyk on Feb 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill exposes the agent to public, user-controlled on-chain data by calling on-chain view functions (e.g., mcp__world_x_aptos__aptos_view and related MCP read endpoints). The agent is expected to read this data, which could contain arbitrary third-party content.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exposes explicit blockchain financial operations tied to an Aptos wallet (wallet: world_x_aptos) via MCP tools such as aptos_balance, aptos_transfer (Transfer APT), aptos_swap (DEX token swaps), aptos_stake (staking) and aptos_approve/pending for decisions. These are specific crypto/blockchain capabilities that can move or manage funds (transactions, swaps, staking), so the skill meets the Direct Financial Execution criteria.