taiko
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's main workflow and examples (e.g., the "Verify" commands in SKILL.md using --verifier-url https://api.taikoscan.io/api, the CLI quick-reference "taiko network status --json", and the Python examples that call RPCs like https://rpc.hoodi.taiko.xyz) explicitly instruct making requests to public RPC/APIs and parsing their responses as part of verification and network-status logic, so untrusted third-party content can be ingested and materially influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for interacting with a blockchain (Taiko) and includes commands that sign and send transactions using private keys (e.g., "FOUNDRY_PROFILE=layer2 forge create ... --private-key $PRIVATE_KEY", "--broadcast", and "cast send <TO> ... --private-key $PRIVATE_KEY"). Those are crypto/blockchain signing and transaction-execution capabilities (directly able to move funds or execute value-bearing contract calls). Although x402 payments are delegated to a different skill, the presence of transaction signing/sending makes this a direct financial execution capability.
Audit Metadata