ton-xstocks

Warn

Audited by Snyk on Mar 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches token metadata from the public xStocks API (curl to https://api.xstocks.fi/api/v2/public/assets/{symbol}) and must parse the returned JSON (deployments[] → address) to decide which jetton master to use for swaps, so third-party content directly controls tool inputs and execution flow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute crypto trades on TON: it resolves jetton masters via the xStocks API and then uses MCP swap tools to quote, emulate, and send transactions. It includes specific financial actions such as get_swap_quote (TON↔USDT, USDT↔xStock), get_jetton_balance, emulate_transaction, send_raw_transaction, and polling get_transaction_status, plus an automated "Pre-fund USDT" flow that will swap TON→USDT. These are concrete blockchain/crypto execution primitives (wallet swaps and sending raw transactions) and thus constitute direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 10:51 AM
Issues: 2