vechain-kit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and act on public, untrusted third‑party content — e.g., SKILL.md and references/frontend-vechain-kit.md require using external node URLs (useThor with https://testnet.vechain.org), IPFS/NFT metadata via useIpfsImage/useNFTImage, external delegator/privy URLs (privy.io), and Kapa AI MCP for documentation lookups — which the agent is expected to read and which can materially change transaction-building and behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for VeChain dApp development and includes wallet connection, smart accounts, transaction building and sending, and on-chain transaction UX. It names specific transaction-related hooks and components (useSendTransaction, useCallClause, TransactionModal, WalletButton), references using @vechain/mcp-server for on-chain data and transaction building, and discusses fees/signing (users pay gas, app-sponsored delegation). These are specific crypto/blockchain capabilities to construct and send transactions (i.e., move value), not generic tooling—so it grants Direct Financial Execution authority.