vechain-react-native-dev

Warn

Audited by Snyk on Mar 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly opens and ingests external VeWorld deep-link callback data (isVeWorldResponse/processResponse and VeWorldProvider callbacks that decrypt and act on the payload) and also fetches data from public node URLs (e.g., automatically fetching the genesis block from https://testnet.vechain.org), so untrusted third-party responses can influence session, signing, and transaction behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly designed for interacting with the VeChain blockchain wallet (VeWorld) and includes functions to build, sign, and send on-chain transactions. It names wallet-specific APIs and hooks (VeWorldProvider, useVeWorldWallet) and explicitly lists actions such as "sign and send transactions", "multi-clause transaction signing", "VET transfer", "EIP-712 typed data signing", key-pair generation and session persistence. Those are crypto/blockchain wallet operations that allow moving funds or creating signed financial transactions, so it grants direct financial execution capability.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 11:56 AM
Issues: 2