cli-forge

Warn

Audited by Snyk on Mar 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's bundled references (see references/cheat-codes.md) explicitly tell the agent to check package.json for the forge-std version and read the public GitHub Vm.sol (https://github.com/foundry-rs/forge-std/...) and other external Foundry docs, which requires fetching and interpreting untrusted public web content that can materially influence test/script generation and tool use.
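The check a practitioner would put in front of this behaviour, as an added example (it is not part of the audited skill or of Snyk's analysis): the reference the skill tells the agent to read is pinned to the forge-std version recorded in package.json instead of the default branch, the downloaded copy is compared against a hash the reviewer recorded in advance, and the text is scanned for lines that address the agent directly before it reaches the model's context. Assumptions not stated on the page: package.json names the dependency "forge-std", raw files are served at raw.githubusercontent.com/<owner>/<repo>/<ref>/<path>, Vm.sol lives at src/Vm.sol in forge-std, and the expected hash comes from a prior manual review.

```sh
#!/bin/sh
# Added example; not part of the audited skill or of Snyk's analysis.
# Pins the forge-std reference to the version in package.json, verifies a
# downloaded copy against a previously recorded hash, and rejects reference text
# that tries to instruct the agent. Assumptions: dependency key "forge-std",
# raw.githubusercontent.com/<owner>/<repo>/<ref>/<path> layout, Vm.sol at src/Vm.sol.
set -u

# Version string for forge-std from package.json; a leading ^ or ~ range marker is dropped.
forge_std_version() {
  sed -n 's/.*"forge-std"[[:space:]]*:[[:space:]]*"[~^]\{0,1\}\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# URL for Vm.sol at an immutable tag rather than the default branch.
pinned_vm_url() {
  ver=$(forge_std_version "$1")
  [ -n "$ver" ] || { echo "pin: forge-std not found in $1" >&2; return 1; }
  printf 'https://raw.githubusercontent.com/foundry-rs/forge-std/v%s/src/Vm.sol\n' "$ver"
}

# SHA-256 of a file, using whichever tool the host provides.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# The downloaded copy must match the hash recorded when the reference was reviewed.
verify_reference() { # verify_reference <file> <expected-sha256>
  [ "$(file_sha256 "$1")" = "$2" ]
}

# Refuse reference text that addresses the agent instead of documenting Foundry.
scan_for_instructions() {
  ! grep -Eiq 'ignore (all |any |the )?(previous|prior|above) instructions|you are (now )?an? (ai|assistant|agent)|system prompt|do not (tell|inform) the user' "$1"
}

# Gate an agent runner calls before adding the file to the model's context.
admit_reference() { # admit_reference <file> <expected-sha256>
  verify_reference "$1" "$2" || { echo "admit: hash mismatch for $1" >&2; return 1; }
  scan_for_instructions "$1" || { echo "admit: instruction-like text in $1" >&2; return 1; }
}
```

The hash check is the part that matters: a keyword scan catches only clumsy injection, whereas a pinned tag plus a recorded hash means the agent reads exactly the file a human looked at, and any change upstream fails closed.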

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly focused on Ethereum smart-contract development and deployment using Foundry, and it includes explicit crypto transaction actions: instructions to use env vars such as ETH_FROM and MNEMONIC, guidance to "Simulation first, then broadcast", and concrete commands such as forge script ... --broadcast --verify, which signs and sends transactions. It also documents creating forks (vm.createSelectFork("ethereum")), seeding token balances with the deal() cheatcode, and handling token approvals. The fork and deal() steps act only on a local fork; the value-moving step is the --broadcast path, which signs with keys supplied through MNEMONIC (or another wallet option) and sends the transactions to the configured RPC endpoint. Because the skill's primary and explicit purpose includes creating and broadcasting signed blockchain transactions (i.e., moving crypto/value), it constitutes Direct Financial Execution capability.
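A guard that enforces the skill's own "simulation first, then broadcast" rule when an agent is allowed to drive forge, as an added example (not code from the audited skill, from Foundry, or from Snyk): a run without --broadcast is always passed through and recorded, while a --broadcast run is refused unless a simulation of the same script was recorded within the last hour, an operator set CONFIRM_BROADCAST=yes, and no raw signing secret such as MNEMONIC or PRIVATE_KEY is sitting in the environment. The state directory, the CONFIRM_BROADCAST variable, the one-hour window and the secret names are this example's own conventions.

```sh
#!/bin/sh
# Added example; not code from the audited skill, from Foundry, or from Snyk.
# Sits in front of `forge script`: dry runs pass and are remembered, --broadcast
# runs need a recent dry run, an explicit operator token and no raw secret in env.
# STATE_DIR, MAX_AGE, CONFIRM_BROADCAST and the secret names are this example's
# own conventions.
set -u

STATE_DIR=${FORGE_GUARD_STATE:-${TMPDIR:-/tmp}/forge-guard}
MAX_AGE=${FORGE_GUARD_MAX_AGE:-3600}   # seconds a recorded simulation stays valid

has_flag() { # has_flag <flag> <args...>
  flag=$1; shift
  for a in "$@"; do [ "$a" = "$flag" ] && return 0; done
  return 1
}

# The script being run is the first argument naming a .sol file
# (forge script accepts a path or path:Contract).
script_target() {
  for a in "$@"; do
    case $a in *.sol*) printf '%s\n' "$a"; return 0 ;; esac
  done
  return 1
}

state_file() { printf '%s/%s.simulated\n' "$STATE_DIR" "$(printf '%s' "$1" | tr '/:' '__')"; }

record_simulation() {
  mkdir -p "$STATE_DIR"
  date +%s > "$(state_file "$1")"
}

simulated_recently() {
  f=$(state_file "$1")
  [ -f "$f" ] || return 1
  [ $(( $(date +%s) - $(cat "$f") )) -le "$MAX_AGE" ]
}

# Name of the first raw signing secret found in the environment, if any.
exposed_secret() {
  [ -n "${MNEMONIC:-}" ] && { echo MNEMONIC; return 0; }
  [ -n "${PRIVATE_KEY:-}" ] && { echo PRIVATE_KEY; return 0; }
  return 1
}

# forge_guard <forge script args...>: returns 0 when the run may proceed, 1 to refuse.
forge_guard() {
  target=$(script_target "$@") || { echo "guard: no script target in arguments" >&2; return 1; }
  if ! has_flag --broadcast "$@"; then
    record_simulation "$target"   # a dry run is always allowed and is remembered
    return 0
  fi
  if s=$(exposed_secret); then
    echo "guard: $s is set in the environment; sign with a keystore or hardware wallet instead" >&2
    return 1
  fi
  [ "${CONFIRM_BROADCAST:-}" = yes ] || { echo "guard: set CONFIRM_BROADCAST=yes to send transactions" >&2; return 1; }
  simulated_recently "$target" || { echo "guard: simulate $target first (no recent dry run)" >&2; return 1; }
}
```

Wire it in as `forge_guard "$@" && forge script "$@"` so the agent never reaches the signing step without a human having set the confirmation token after a dry run it can inspect; refusing when MNEMONIC is in the environment is what keeps a prompt-injected agent from broadcasting with a secret it can already read.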

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 17, 2026, 04:15 AM
Issues
2