viem-integration
Warn
Audited by Snyk on Mar 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's docs and required workflow explicitly instruct creating public clients and transports that fetch data from third-party RPCs and websockets (e.g., http('https://eth-mainnet.g.alchemy.com/...') and webSocket('wss://...') in references/clients-and-transports.md) and to read ENS names/avatars, logs, and contract state (references/reading-data.md), meaning the agent will ingest untrusted public blockchain and provider content that can materially influence subsequent actions like simulations or sending transactions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about EVM blockchain integration and includes concrete APIs and examples for wallet management, private key handling, signing, sending transactions, and writing to contracts (e.g., privateKeyToAccount, createWalletClient, sendTransaction, writeContract, walletClient.writeContract). It even references Uniswap swap integration. These are specific crypto/blockchain financial execution capabilities (signing and sending value-bearing transactions), so it grants direct financial execution authority.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata