erc-8004

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). scripts/get-agent.sh explicitly fetches and returns registration JSON from arbitrary IPFS gateways (https://gateway.pinata.cloud, https://ipfs.io) or any HTTPS URI obtained from on‑chain tokenURI, and register-http.sh accepts arbitrary public REGISTRATION_URLs—so untrusted, user‑hosted third‑party content is retrieved as part of the required workflow and could materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain crypto operations: it includes scripts to "bridge ETH to mainnet", contract addresses, and a workflow step to "Register On-Chain" by calling register(agentURI) on the Identity Registry. The provided SDK example accepts a privateKey and rpcUrl (implying transaction signing) and the docs mention gas costs. These are specific crypto/blockchain capabilities (wallet signing, bridging, sending transactions) that can move value. Therefore it grants direct financial execution authority.