blockrun

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs using "Real-time X/Twitter Search (xAI Live Search)" with client.chat(..., search=True) and search_parameters (types "x", "web", "news"), meaning the agent will fetch and analyze public social-media and web content (untrusted/user-generated) as part of its workflow, which can materially influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provisions and controls an on-chain crypto wallet and uses it to autonomously pay for services. It provides functions like setup_agent_wallet() (auto-creates a wallet), get_wallet_address(), generate_wallet_qr_ascii() for funding, get_balance() returning an on-chain USDC balance, get_spending() to track USD spent, and the client.chat flow that "your wallet pays per token" / "pays autonomously" to route micropayments. It also documents funding the wallet and budget enforcement (stop when budget reached). These are specific crypto/financial execution capabilities (wallet creation, on‑chain USDC balance, funding QR, automatic payments), not generic API callers — so it meets the "Direct Financial Execution" criteria.