trust-web3-provider

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly registers providers and defines a handler that receives and acts on arbitrary requests from external dApps and public RPC endpoints (e.g., rpcUrl values like "https://eth.drpc.org" and "https://api.mainnet-beta.solana.com" and the handler examples in SKILL.md), so untrusted third‑party content can be ingested and materially influence actions such as signing or sending transactions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a Web3 wallet provider library explicitly exposing blockchain transaction and signing APIs across Ethereum, Solana, Cosmos, Bitcoin, Aptos, TON, and Tron. The prompt lists concrete methods that perform signing and sending of value-bearing transactions (examples: eth_sendTransaction / sendTransaction, ethereum.sendTransaction, solana.signAndSendTransaction, cosmos.sendTx, bitcoin.pushPSBT/signPSBT, aptos.signAndSubmitTransaction, ton_sendTransaction, tron.sign). These are specific crypto/blockchain execution functions (signing and submitting transactions), i.e. direct financial execution capabilities.