web3-dao-tooling

Audited by Snyk on Mar 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests user-generated governance proposals from public APIs (e.g., Snapshot at https://hub.snapshot.org/graphql and https://seq.snapshot.org, and Tally at https://api.tally.xyz), uses proposal title/body/choices in reports, and relies on that data when casting votes—so untrusted third-party content can materially influence decisions and tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill contains explicit crypto/blockchain transaction capabilities that sign and send on-chain transactions using a private key. Examples:
    • GovernorVoteTool builds, signs (account.sign_transaction) and sends raw Ethereum transactions (w3.eth.send_raw_transaction) and waits for receipts.
    • DelegationTool builds and signs a delegate transaction and sends it on-chain.
    • SnapshotVoteTool loads PRIVATE_KEY, signs vote payloads (eth_account) and submits signatures.
  • The code expects a PRIVATE_KEY environment variable and performs direct wallet signing and transaction submission, which is direct financial execution authority (wallet control / on-chain transactions).

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 07:33 PM
Issues: 2