ethers-js

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly reads public, user-generated blockchain data from external RPC providers (see "Step 2: Read Blockchain Data" using provider.getTransaction and the Alchemy RPC URL, and "Step 3: Interact with Smart Contracts"), so the agent ingests untrusted on-chain content that could influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for Ethereum/EVM blockchain interactions and includes wallet handling, transaction signing, and token transfers. Examples in the prompt: creating a Wallet from a private key, connecting a signer to an ERC-20 contract, calling usdcWithSigner.transfer(...), awaiting tx.wait(), and MetaMask/browser signer usage. These are concrete, built-in mechanisms to move crypto funds (wallets, signing, sending transactions), so it provides direct financial execution capability.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 13, 2026, 09:15 PM
Issues: 2