initia-appchain-dev
Warn
Audited by Snyk on Mar 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflows and scripts explicitly fetch public third-party content (e.g., scripts/scaffold-contract.sh performs git clone https://github.com/initia-labs/movevm.git, scripts/install-tools.sh uses curl to download weave/initiad from GitHub releases, and the docs direct the agent to consult external docs at https://docs.initia.xyz), so the agent is expected to ingest and act on untrusted public content that could influence subsequent build/deploy actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). I flag https://foundry.paradigm.xyz (used in the instruction "curl -L https://foundry.paradigm.xyz | bash") because the skill text includes commands that fetch and immediately execute remote scripts at runtime — and the repo downloads in scaffold-contract.sh (https://github.com/initia-labs/movevm.git) and install-tools.sh (GitHub release URLs) similarly fetch remote code/artifacts that are executed or relied upon as required dependencies.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform blockchain financial operations. It includes concrete transaction APIs and commands (e.g., requestTxSync / requestTxBlock via useInterwovenKit, minitiad tx evm create, MsgExecuteContract/MsgCall patterns), utilities/scripts to fund user wallets (scripts/fund-user.sh), key management flows including importing a gas-station mnemonic, and bridge/openBridge instructions. These are specific crypto/blockchain signing and transfer actions (sending transactions, funding accounts, deployment that involves signing), not generic tooling. Therefore it grants Direct Financial Execution capability.
Issues (3)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata