megaeth-developer
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse arbitrary public third-party resources: for example, erc8004-trustless-agents.md directs a GET to https://agent.example/.well-known/agent-registration.json, and other files and sections (prism-dex.md, resources.md, the Meridian examples) show the agent fetching token lists and APIs such as https://prismfi.cc/tokenlist.json and accepting buyer paymentPayload JSON. Those external, user-controlled resources are read and used to decide actions (service endpoints, payment flows, token lists), so untrusted content can materially influence agent behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides end-to-end blockchain financial capabilities: wallet operations and management, sending transactions via eth_sendRawTransactionSync, token swaps (Kyber Network), bridge operations, x402 Permit2 and Meridian payment flows, Privy headless signing, ERC-7710 delegation for scoped spending limits, MetaMask Smart Accounts for account/delegation management, and marketplace actions (buying/selling subdomains with token gating). These are specific crypto/payment APIs and functions to sign/send transactions and move funds on-chain, i.e., direct financial execution.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata