DECK-0
Warn
Audited by Snyk on Feb 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill calls the public DECK-0 API (https://app.deck-0.com) — e.g., /api/agents/v1/shop/albums, /collections/{address}, /collections/{address}/leaderboard, /me/pack-opening/{hash}, and publisher application endpoints — and ingests user-generated collection descriptions, card metadata, leaderboards and publisher motivational letters, all of which are untrusted third-party content that the agent will read and present.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly supports on-chain purchases and signing transactions: it instructs agents to "Buy card packs via smart contract transactions", requires EIP-191 wallet-signed requests, provides a DECK0_PRIVATE_KEY fallback, and describes calling contract methods like mintPacks() with a payment value (including a payment formula) and openPacks(), on supported networks using native tokens (APE/ETH). These are direct crypto transaction capabilities (wallet signing, sending value) — i.e., direct financial execution.