erc-8004
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's instructions explicitly invoke auto-fetching and crawling of external registration files and endpoints (see SKILL.md Quick Start and references/sdk-typescript.md: agent.setMCP('https://...', ..., true), agent.setA2A('https://.../agent-card.json', ..., true) and the EndpointCrawler). These cause the agent to read untrusted HTTPS/IPFS agent registration and MCP/A2A resources and use them to auto-configure tools and endpoints, so third-party content can materially change tool use and decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly exposes on-chain transaction and wallet functionality. The TypeScript SDK examples require a privateKey and rpcUrl, create and register agents on-chain (agent.registerIPFS(), which mints an NFT and returns a tx that you wait on for confirmation), and show tx-based feedback submission (giveFeedback with a tx and proofOfPayment fields). The registration format includes an "agentWallet" (eip155:...) and mentions EIP-712/ERC-1271 and x402 payment protocol support. These are concrete crypto/blockchain wallet and signing operations (sending transactions, signing), which qualify as direct financial execution capability under the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion.