qrcoin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to query the public Base RPC (https://mainnet.base.org) and the QR Coin auction contract (0x7309779122069EFa06ef71a45AE0DB55A259A176) for auction data that includes user-submitted URLs and bid info which the agent is expected to read and act on (e.g., decide createBid or contributeToBid), exposing it to untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform crypto financial operations on the Base blockchain. It includes contract addresses, USDC token details, function signatures for approve/createBid/contributeToBid, and concrete transaction examples. It instructs using "Bankr" to perform transaction signing, gas estimation, submission and confirmation monitoring and gives example prompts like "Send transaction ... calling createBid(...)" — i.e., explicit instructions to send/value-bearing blockchain transactions. This is a specific tool to move funds (USDC) rather than a generic interface, so it grants direct financial execution capability.