skale-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes code that fetches and ingests arbitrary URLs (e.g., BasicAgent.accessResource(url) in rules/agents-on-skale.md and examples like AgentToAgentCommunication/ScheduledAgent that call accessResource with external endpoints), meaning the agent will read and process untrusted third‑party content from arbitrary web resources.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly describes tools and workflows for performing on-chain financial operations: e.g., "Implementing automated on-chain transactions", "Bridging assets via skale-bridge", "Use skale-bridge for asset movement to/from SKALE", wallet connection and "web-transaction-handling", and a Foundry deploy example that includes --private-key and --broadcast for sending transactions. These are specific crypto/blockchain transaction and asset-movement capabilities (signing/sending transactions and bridging assets), which constitute direct financial execution authority.