ethereum-app-builder
Warn
Audited by Snyk on Feb 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). This skill explicitly instructs the agent to fetch and use reference skills from a public GitHub repository (https://github.com/technophile-04/ethereum-app-skill, including the raw URL https://raw.githubusercontent.com/technophile-04/ethereum-app-skill/main/skills/ponder/SKILL.md). These are open, untrusted third-party files that the agent is expected to read and act on during its workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill requires running remote code via "npx create-eth@latest" (which fetches and executes an npm package at runtime) and explicitly instructs fetching external skill content that would control the agent's instructions (e.g. https://raw.githubusercontent.com/technophile-04/ethereum-app-skill/main/skills/ponder/SKILL.md). These external resources can therefore directly execute code or control agent prompts.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for building and deploying Ethereum dApps ("build something onchain", "deploy a smart contract", "Scaffold full-stack Ethereum dApps using create-eth (Scaffold-ETH 2)"). Deploying contracts and operating onchain requires signing transactions and interacting with wallets and blockchain RPCs, so this is a tool specifically targeted at crypto/blockchain operations rather than a generic utility. Under the rule that crypto/blockchain operations (wallets, signing, on-chain transactions) are direct financial execution capabilities, this skill meets the criteria.
Audit Metadata