use-wallet

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill includes runtime fetching and display of public, user-provided content — e.g., WalletUIProvider's "enablePrefetching" and useNfd/NfdAvatar (references/wallet-ui.md) which fetch NFD records and avatar images via IPFS gateways, plus default network endpoints using Nodely's public APIs and configurable algod baseServer URLs (references/wallet-ui.md, references/network-configuration.md) — so the agent will ingest and render untrusted third‑party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet integration library for Algorand dApps. It provides wallet connectivity, transaction signing APIs (signTransactions, transactionSigner), an algod client, and explicit references to signing transactions and supported Algorand wallets. Those capabilities are specifically designed to create and sign blockchain transactions (i.e., move crypto), not generic tooling. Therefore it grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 02:34 AM