wdk

Warn

Audited by Snyk on Feb 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). SKILL.md's explicit "URL Fetching Workflow" requires the agent to fetch (via web_fetch) or browse the public URLs referenced in references/ (e.g., docs.wallet.tether.io, docs.usdt0.to, npmjs/GitHub links, and https://x402.semanticpay.io), so the agent will ingest untrusted third-party web content that can materially influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The WDK skill is explicitly a multi-chain wallet SDK and includes concrete, named write methods that move funds or sign transactions: sendTransaction, transfer, sign, swap, bridge, lending methods (supply/withdraw/borrow/repay), and fiat on/off-ramp (MoonPay buy/sell). It also documents wallet modules (EVM, BTC, Solana, TON, TRON, Lightning) and protocol modules for DEX swaps, cross-chain bridges, DeFi lending, and fiat ramps. These are specific crypto/financial execution capabilities (wallet operations, token transfers, swaps, bridges, signing), not generic tooling. Therefore it grants direct financial execution authority.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 06:54 PM