aptos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly shows runtime fetching and parsing of public, user-controlled data (e.g., aptos-dapp-integration calls like aptos.getAccountResources / aptos.getAccountOwnedTokens and SDK view calls that read arbitrary account data, Decibel REST/WebSocket market endpoints and ws.onmessage JSON parsing, and Shelby client getBlob downloads), which are open third‑party or user-generated sources the agent would read and interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about the Aptos blockchain and Move smart contracts and includes concrete, actionable primitives for moving value: coin::transfer, primary_fungible_store::transfer, object::transfer/transfer_with_ref, minting tokens, and examples of signing and submitting transactions via the Aptos TypeScript SDK (aptos.signAndSubmitTransaction). These are crypto/blockchain APIs that perform wallet signing and transaction submission (i.e., moving tokens/coins), so the skill grants direct financial execution capability.