erc8004-on-abstract
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to read and use arbitrary agent metadata and service endpoints hosted at any HTTPS/IPFS URL (see SKILL.md Quick Start and "Discover agents | Enumerate via ERC-721 tokenURI" plus references/agent-uri-schema.md), meaning untrusted, user-provided content can be fetched and used to drive subsequent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes crypto/blockchain execution capabilities: it shows creating a wallet client from a private key and calling client.writeContract on mainnet contract addresses, and it references functions like register (minting an NFT identity) and setAgentWallet(agentId, wallet, deadline, sig). These are specific on-chain transaction and wallet/signing operations (wallet management and signed writes), not generic API or browser automation, and therefore constitute a direct ability to execute crypto financial transactions.