blockrun

Warn

Audited by Snyk on Apr 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs using xAI Live Search (e.g., "Real-time X/Twitter Search (xAI Live Search)" and the advanced search examples with search=True and web/news sources) to fetch and analyze public X/Twitter posts and web/news content, meaning the agent ingests untrusted user-generated third‑party content that can influence its behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provisions and controls an on-chain wallet and associated payment actions. It auto-creates a wallet via setup_agent_wallet(), exposes get_balance() (on-chain USDC), get_wallet_address(), generate_wallet_qr_ascii() for funding, and get_spending()/spending checks that determine whether to make paid client.chat calls. The description states the wallet "pays per token" and uses micropayments to route requests. These are specific crypto/blockchain wallet and payment operations (wallet creation, balance, funding, and automated spend control), which constitute direct financial execution capability.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 06:16 PM
Issues: 2