solidity-nft

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's workflow (Step 4: "tokenURI" validation / OpenSea metadata checks and the metadata-patterns references) explicitly requires fetching and interpreting token metadata hosted on public sources (ipfs://, https:// API endpoints, OpenSea), which is untrusted, user-provided third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly focused on blockchain asset management and NFT operations: it defines token standards (ERC721/1155/6551), minting functions, marketplace patterns (order-book, auction, escrow), royalty handling (EIP-2981), token transfers/approvals, burn/consume functions, and ERC6551 Token-Bound Accounts (NFTs that act as smart accounts capable of holding assets and executing transactions). Those are concrete crypto/blockchain capabilities (wallet-like accounts, creating accounts, minting/transferring/burning tokens, marketplace escrow) that enable on-chain financial actions. Under the rule that Crypto/Blockchain (wallets, signing, transactions) counts as Direct Financial Execution, this skill should be flagged.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 03:40 AM