cre-skills
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md runtime pattern and the included assets/cre-docs-index.md explicitly instruct the agent to fetch and read public documentation pages (e.g., https://docs.chain.link/cre and other docs.chain.link URLs) via WebFetch/curl as part of its core workflow, and those external pages are used to drive code generation, CLI actions, and follow-on decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about the Chainlink Runtime Environment and repeatedly references on‑chain capabilities: "EVM read/write", "onchain read/write", "EVM client" in the SDK, and "multi‑sig wallets" in operations. The workflow/deployment guidance also mentions needing a funded wallet and linked key. These are concrete crypto/blockchain transaction capabilities (wallets, signing/deploying workflows that perform on‑chain writes), which meet the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.