nft-manager

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls get_nft_info to fetch NFT metadata (image URI, name, description) from public token metadata sources and the SKILL.md workflow says the agent must show and use that data to confirm transfers, so untrusted, user-controlled third‑party content is ingested and can influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides blockchain transfer functions (transfer_nft, transfer_erc1155) and is designed to send NFTs between addresses on EVM chains. It includes operational rules to confirm and execute transfers (use safeTransferFrom, confirm token ID and recipient), and queries balances/contract state. These are specific crypto asset-moving capabilities (signing/sending on-chain transfers), not generic tooling, so it grants direct financial execution authority.