web3-security-analysis

Status: Warn

Audited by Snyk on Mar 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests untrusted, public API and RPC responses (e.g., GoPlus at api.gopluslabs.io, Honeypot.is at api.honeypot.is, Tenderly at api.tenderly.co, and public RPCs like rpc.flashbots.net/rpc.mevblocker.io) and the agent parses those responses into analysis and simulation results that can materially influence decisions and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes explicit crypto transaction execution code. The FlashbotsProtector and MEVBlockerProtector classes load a PRIVATE_KEY (Account.from_key(os.getenv("PRIVATE_KEY"))), build, sign (account.sign_transaction), and send raw transactions (w3.eth.send_raw_transaction) via RPCs. Those methods directly perform on-chain transfers/sends, i.e., they sign and broadcast transactions with a wallet, which is direct financial execution capability. (Tenderly simulation and address/token checks are analysis-only, but the send_protected_transaction implementations clearly move funds.)

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 07:33 PM
Issues: 2