web3-testing
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs the agent to fork and interact with mainnet via third-party RPC endpoints (e.g., vm.createSelectFork("https://eth-mainnet.alchemyapi.io/v2/...") and Hardhat forking using process.env.MAINNET_RPC_URL), which pulls public blockchain state from external providers that the agent reads and acts on during tests, so untrusted third-party content can influence tool use and behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about interacting with blockchain assets and includes concrete code that sends transactions and manipulates wallets: Hardhat network config uses an ACCOUNT PRIVATE_KEY, tests call token.transfer, impersonate accounts and transfer tokens, vm.deal (fund addresses), and a Mainnet-fork test references Uniswap swaps and interacting with ERC-20 contracts. These are specific crypto/blockchain operations (wallets, transfers, swaps, signing) rather than generic testing tooling, and therefore enable direct financial execution.
Audit Metadata