neo-ecosystem

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (e.g., scripts/neo_contract.py and scripts/neo_balance.py) perform RPC calls to public Neo endpoints such as https://mainnet1.neo.coz.io:443 and https://mainnet-1.rpc.banelabs.org and parse untrusted contract state/invoke results and token data (manifests, stack items, balances), which the agent reads and uses to drive queries and outputs, so third-party content could indirectly inject instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides blockchain wallet management and transaction execution functions: a neo_transfer script to build NEP-17 transfers, a Python "Transfer Example" that loads a wallet, signs with an account, invokes neo.transfer and broadcasts the transaction, CLI commands for "send NEO/GAS", "transfer ", and the RPC method sendrawtransaction. These are specific crypto/blockchain payment and signing capabilities (wallet signing, building and broadcasting transactions) intended to move funds, so it grants Direct Financial Execution authority.