meshjs-cardano

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly calls a third-party BlockfrostProvider (e.g., provider.fetchAddressUTxOs) and processes on-chain asset metadata/IPFS links and UTxO data — public, user-generated content the agent reads and could display or act on, enabling indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for Cardano blockchain financial operations: it provides wallet connectors (CIP-30), transaction building APIs (Transaction.sendLovelace, sendAssets, mintAsset, redeemValue), calls to wallet.signTx and wallet.submitTx, and examples of submitting transactions and minting tokens. These are specific crypto/ blockchain transaction signing and submission capabilities (directly moving assets on-chain), not generic utilities. Therefore it grants Direct Financial Execution authority.