yoink

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to query on-chain state via the RPC template (https://mainnet.base.org) and contract calls like lastYoinkedBy()/lastYoinkedAt() (and links to Basescan/GitHub), meaning it reads public, untrusted third-party blockchain/web content that directly affects whether the agent submits transactions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes on-chain transaction execution: it defines a contract write function (yoink()), provides RPC/contract selectors, and shows a Bankr "arbitrary transaction" JSON payload (to, data, value, chainId) for submitting a transaction. Because it supplies a concrete mechanism to construct and send blockchain transactions (crypto signing/execution via Bankr), it constitutes direct crypto/financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 05:18 AM