endaoment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required scripts (scripts/search.sh and scripts/donate.sh) fetch and parse live data from public third-party endpoints (https://api.endaoment.org/... in search.sh and the public RPC URL https://mainnet.base.org in donate.sh), and those responses (e.g., .deployments[].contractAddress, isDeployed, and eth_getCode results) are read and used to decide/construct on-chain transactions, so untrusted external content can materially change the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform onchain financial transactions: it provides scripts to donate USDC, approves tokens and calls the Endaoment contract (deployOrgAndDonate), supports swapping ETH/tokens to USDC automatically, lists contract addresses and function selectors, and requires a Bankr API key for arbitrary transactions. These are specific crypto payment/transaction operations (wallet/contract interactions and sending funds), not generic tooling.