language-framework-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill’s documentation and examples explicitly show fetching and parsing arbitrary public web pages (e.g., aiohttp/requests examples and the BeautifulSoup “fetch_page_ethically” example, Cheerio/axios fetchAndParse(url), Crawlee/CheerioCrawler usage), which means the agent could ingest untrusted, user-generated content from arbitrary URLs as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a language/framework specialist listing many development tools. Most are generic programming frameworks, but it explicitly includes "Hardhat" — a development framework for Ethereum that is specifically used to deploy contracts, send/sign blockchain transactions, and interact with wallets. That capability falls under "Crypto/Blockchain (Wallets, Swaps, Signing)" from the policy and thus provides specific functionality to execute on-chain transactions (i.e., move value). Although there are no payment gateways or banking APIs listed, Hardhat is a crypto-specific tool and meets the threshold for direct financial execution risk.