opensea

Audited by Snyk on Apr 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill directly fetches public, user-generated content from OpenSea's REST/MCP/Stream APIs (see SKILL.md/README and scripts like scripts/opensea-get.sh and opensea-stream-collection.sh), and the agent is instructed to read/act on those responses (e.g., use fulfillment/swap transaction data), so untrusted third-party metadata/events could materially influence tool use or next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides crypto/blockchain financial execution capabilities. It includes token swaps (get_token_swap_quote, opensea swaps execute, ./scripts/opensea-swap.sh), Seaport marketplace trade fulfillment (opensea-fulfill-listing.sh, opensea-fulfill-offer.sh), minting/deploying contracts (get_mint_action, deploy_seadrop_contract), and returns ready-to-submit transaction calldata. It also documents signing/execution via managed wallet providers or raw private keys (Privy, Turnkey, Fireblocks, or PRIVATE_KEY). These are specific tools to create, sign, and submit on-chain financial transactions (move funds/tokens), not generic interfaces, so this grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 27, 2026, 05:34 PM
  • Issues: 2