sui-client
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill clearly connects to external Sui fullnode RPCs (e.g., createSuiClient in src/index.ts and SKILL.md examples using https://sui-mainnet.nodeinfra.com or customUrl) and routinely queries public on-chain data (queryEvents, getObject(s), getStakes, getCoins, etc. shown in examples/advanced.ts and basic-usage.ts), which is untrusted, user-generated blockchain content that the agent is expected to read and that can materially influence transaction building/execution behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for interacting with the Sui blockchain and includes transaction execution and signing APIs (e.g., "Transaction Execution: Build, sign, and execute transactions", API methods like signAndExecuteTransaction and executeTransactionBlock), balance reading, and staking management. These are specific crypto/blockchain financial operations (wallet signing, sending transactions, managing staking), not generic tooling, so it grants direct financial execution capability.
Audit Metadata