initia-appchain-dev

Warn

Audited by Snyk on Feb 19, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflows and scripts explicitly fetch and use public, user-generated third-party content (e.g., scripts/scaffold-contract.sh clones https://github.com/initia-labs/movevm.git and scripts/install-tools.sh downloads binaries via curl from GitHub releases), which the agent is instructed to run/use as part of scaffolding and tool installation and thus can materially influence subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The scaffold script clones remote code at runtime (git clone --depth 1 https://github.com/initia-labs/movevm.git) to populate required build dependencies that will be used/built/executed locally, so this URL is a runtime external dependency that can introduce and run remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform blockchain transactions and manage keys/wallets. It includes concrete, actionable instructions to send tokens and run transactions (e.g., use the gas-station account for ALL transactions, commands like minitiad tx ... --from gas-station, scripts fund-user.sh to fund L1/L2 addresses, precise denom/precision calculations, and verification steps). It also describes auto-importing mnemonics/keys from a config (with a guarded note), key discovery commands (initiad keys show, minitiad keys show), and transaction verification (minitiad q tx <hash>). These are specific crypto/blockchain financial execution capabilities (wallet/key management, signing and sending transactions, funding accounts), so this skill grants Direct Financial Execution Authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 04:59 PM