xrpl-dev

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill directs the agent to query public XRPL endpoints and ingest ledger data (e.g., client.request/subscribe calls like account_info, account_objects, account_nfts, transaction events and Memos via public endpoints such as wss://s.altnet.rippletest.net and public explorers), which are user-generated/public content the agent is expected to read and interpret as part of its workflow, exposing it to indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about XRPL (XRP Ledger) development and includes direct crypto financial operations: account creation, funding, wallet integration, transaction building, signing, and submission; token and NFT issuance/transfer; DEX offers/order-book interactions and AMM operations; payment channels, escrows, and checks; and guidance on custodial signing or hardware wallets. Those are specific blockchain/crypto primitives for moving and managing funds (wallets, signing, submitting transactions, market orders), so it grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 12:41 AM