wallet-operations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (e.g., scripts/wallet_balance.py and scripts/tx_builder.py) directly fetch data from public third‑party APIs such as https://api.etherscan.io and https://api.coingecko.com and then use API-returned fields (e.g., tokenSymbol/tokenName, balances, nonces, gas prices) to drive balance reporting and transaction construction, so untrusted or user-influenced external content can materially affect decisions and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a wallet/crypto execution tool. It provides multi-chain RPC endpoints, transaction construction and signing functionality (tx_builder), concrete transaction examples for native and ERC20 transfers and approvals, and example commands like "Transfer 100 USDC" and "Build a transaction to send 1 ETH to 0x...". Those are specific capabilities to create and execute on-chain transfers and manage approvals (i.e., move funds), not generic tooling. Therefore it grants direct financial execution authority for crypto/blockchain operations.