vebetterdao

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to perform external documentation lookups and web searches (e.g., "use Kapa AI MCP for VeChain documentation lookups" and "Web search — only as a last resort") and lists public sites like docs.vebetterdao.org and staging.testnet.governance.vebetterdao.org, so the agent may fetch and interpret untrusted third‑party web content that can materially influence decisions and tool usage.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets blockchain token operations: it references B3TR and VOT3 token integration, reward distribution patterns (including smart-contract based transfers), and governance actions. Critically, it names VeChain-specific tooling for "transaction building" and live network queries (the @vechain/mcp-server and VeChain MCP tools), and requires using correct contract addresses and documenting token-transfer implications. These are specific crypto/blockchain transaction capabilities (i.e., moving tokens/signing/sending transactions), which constitute direct financial execution.