sablier-create-airdrop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required runbook explicitly ingests user-provided recipient CSVs (references/merkle-tree.md) and user-supplied RPC/Pinata inputs and then parses the Merkle root, IPFS CID, aggregate amount, and factory addresses to build and broadcast on-chain transactions (evm-cli.md and scripts/generate-merkle-campaign.mjs), so untrusted third-party / user-generated content is read and can directly change the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and execute on-chain token airdrop campaigns: it routes CLI onchain transactions to deploy campaign contracts, can run token funding transactions, and coordinates recipients claiming tokens. These are direct crypto/blockchain financial operations (deploying contracts and transferring ERC‑20 tokens), so it grants direct financial execution capability.