trust-wallet-sdk

Warn

Audited by Snyk on Mar 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's references (notably references/assets.md) explicitly show fetching token metadata and logos from the public trustwallet/assets GitHub repo and assets.trustwallet.com (via gh api and web syncs, including "make update-auto — Sync from external sources (DEX pools, etc.)"). These are open, user-contributed sources that the agent would read and that can change its subsequent actions (e.g., adding assets, updating tokenlists), which exposes it to untrusted third-party content and potential indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about wallet integration and blockchain transaction handling: it lists "HD wallets, address derivation, tx signing", "Web3 Provider (dApp connection)", "WalletConnect", and "ERC-4337 smart wallet / account abstraction (Barz)". These are specific crypto wallet and transaction-signing capabilities that enable creating and sending on-chain transactions (managing keys, signing, and broadcasting), so the skill is a direct financial execution tool for crypto/blockchain operations.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 25, 2026, 08:39 PM
  • Issues: 2