grpc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's "Documentation Resources" section explicitly instructs the agent to fetch external website documentation via Context7 (e.g., "Fetch latest gRPC documentation with Context7" and "Prefer website documentation (IDs starting with '/websites/')"), which requires ingesting open/public web content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly references "wallet signing operations" and includes proto artifacts like Protos/wallet_service.proto and a WalletService base, indicating native support for crypto wallet signing functionality. That is a specific crypto/blockchain capability (signing transactions), which qualifies as Direct Financial Execution authority under the rules.