sablier-create-open-ended-stream
Warn
Audited by Snyk on Mar 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly tells the agent to check external public pages (e.g., "Check whether the user's desired chain is listed on Supported Chains: https://docs.sablier.com/concepts/chains" and "check Sablier Flow deployments: https://docs.sablier.com/guides/flow/deployments.md" and even to "use web search" for current prices), so it ingests untrusted third‑party web content that directly determines RPC/contract addresses and execution decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to create on-chain token payment streams (Sablier Flow) and to execute transactions on behalf of the user. It requires chain and token contract addresses, recipient addresses, funding preferences (create vs createAndDeposit), and routes "payment stream creation on the user's behalf" to CLI/on-chain execution. This is a specific crypto/blockchain financial operation (creating/funding on-chain token streams), not a generic tool, so it grants direct financial execution capability.
Issues (2)
- W011, MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W009, MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata