wallet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly fetches and parses JSON from public third-party APIs (https://pro-openapi.debank.com in wallet_balance/wallet_get_all_balances and https://public-api.birdeye.so in wallet_sol_balance/wallet_get_all_balances), and that untrusted API data is returned and interpreted by the agent as part of its workflow (e.g., token lists, chain fields, and computed totals) which could influence subsequent decisions or actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a multi-chain wallet with built-in capabilities to sign and broadcast cryptocurrency transactions. The Tools list includes wallet_transfer (Broadcast EVM tx), wallet_sol_transfer (Broadcast Solana tx), wallet_sign_transaction / wallet_sol_sign_transaction (signing), and various signing methods (EIP-191, EIP-712). It also notes gas is sponsored and describes workflow for sending transactions and policy functions to allow/deny operations. These are specific crypto wallet operations intended to move funds (create/sign/send transactions), so it provides direct financial execution capability.