trust-wallet-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports fetching and acting on arbitrary HTTPS endpoints via the x402 client (references/x402.md: "twak x402 request ") — including automatic on-chain payment and retry (and a --yes flag to skip confirmation) — which exposes the agent to untrusted third‑party responses that can influence payments and follow-up behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet CLI with built-in transaction and payment features: it can create wallets and keychains, sign messages, send tokens/transfers, perform swaps and cross-chain bridging, create DCA automations and limit orders, manage ERC‑20 approvals/revokes, and run x402 micropayments. These are specific, explicit financial execution capabilities (crypto wallets, signing, sending transactions, swaps, and micropayments), not generic tooling. Therefore it grants Direct Financial Execution Authority.