intuition
Warn
Audited by Snyk on May 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly queries and uses data from the public GraphQL endpoints (see reference/graphql-queries.md and reference/network-config.md) — including pin mutations that produce ipfs:// URIs — and relies on those discovery results to select atoms/predicates/term_ids and drive subsequent write intents, so untrusted, user-generated content from the open web is consumed and can materially influence actions despite the documented revalidation safeguards.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for on-chain financial interactions with the Intuition Protocol: it documents payable write functions (createAtoms, createTriples, deposit, depositBatch), precise msg.value and assets calculations, bonding-curve deposits that mint/burn $TRUST, redemption flows, and a JSON execution contract for producing executable transaction objects ({to, data, value, chainId}). It requires a funded wallet and signing infrastructure, instructs how to compute calldata/value, and guides broadcasting/verification. These are specific-purpose primitives to move token value (send TRUST), not generic tooling, so it grants direct financial execution capability.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata