sui-transaction-building
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's integration with SuiClient and its examples (integration-points.md and various workflow/reference files) show calls to public fullnode URLs (e.g., https://fullnode.mainnet.sui.io) and RPC methods such as client.getObject, client.getOwnedObjects, client.getCoins and dryRunTransactionBlock, as well as an API endpoint that ingests req.body. All of these consume public on-chain and user-provided data (NFT metadata, object content, arbitrary request bodies) that is untrusted and is used by the agent in its workflows.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about building, signing, and executing Sui blockchain transactions. It includes concrete transaction operations (SplitCoins, TransferObjects, MoveCall), examples that transfer SUI, and an API call example to signAndExecuteTransaction, plus references to keypairs, wallets, signing, gas/budget configuration, and integration with SuiClient. These are specific crypto/blockchain transaction and signing capabilities (i.e., designed to move funds), not generic tooling, so the skill grants direct financial execution authority.