auto-voting-relayers

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the relayer-node to "Discover users from events" and to read on-chain data (public blockchain events) and report.json on the dashboard, which are open, user-generated third-party sources that the agent consumes and uses to decide/vote/claim (i.e., materially influence actions).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for a blockchain relayer system that performs on-chain token operations: it documents smart-contract functions like castVoteOnBehalfOf, claimReward (which deducts fees and transfers net reward to voter wallets), RelayerRewardsPool.deposit(amount, roundId), and RelayerRewardsPool.claimRewards(). The relayer-node requires signing credentials (MNEMONIC or RELAYER_PRIVATE_KEY) and batches vote/claim transactions. These are specific crypto/blockchain execution capabilities (wallet signing, deposits, token transfers, reward claims), i.e., designed to move and distribute funds on-chain.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 01:21 PM