ton-send

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs TON DNS resolution of user-supplied .ton/.t.me names (see "Supports TON DNS resolution" and Send TON step 1: "call resolve_dns first"), and then uses the resolved, public/user-controlled address to decide where to send funds, meaning it ingests untrusted third-party DNS records that can materially change actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to move cryptocurrency: it defines send_ton and send_jetton operations, DNS resolution for addresses, balance checks, wallet creation, and transaction status polling. These are direct crypto/blockchain transaction capabilities (sending tokens, managing wallets, submitting transactions), which match the "Crypto/Blockchain (Wallets, Swaps, Signing)" category for Direct Financial Execution.