ens-primary-name
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/set-avatar.sh, scripts/set-primary.sh, and scripts/verify-primary.sh) call and parse public third-party endpoints — notably https://api.thegraph.com/subgraphs/name/ensdomains/ens and public RPC URLs — to obtain resolver and address data which are then used to construct and submit transactions, so untrusted external content can directly influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly requires signing and submitting blockchain transactions and depends on a wallet API ("bankr" skill). It shows concrete transaction submission calls (e.g., bankr.sh with JSON like {"to":"0x...","data":"0x...","value":"0","chainId":8453}), requires native tokens for gas, and is designed to perform on-chain actions (set ENS reverse records). This is a specific crypto/blockchain execution capability (wallet signing/submission), so it meets the Direct Financial Execution criteria.