myriad-on-abstract
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references clearly instruct the agent to fetch and consume data from the public Myriad API (e.g., https://api-v2.myriadprotocol.com/markets and /markets/quote). That API returns untrusted/user-generated market titles and outcomes, along with execution calldata, which the agent is expected to read and act on (execute trades/transactions), so third-party content can materially influence tool use.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for trading on a prediction-market platform and includes concrete crypto/blockchain execution primitives: polkamarkets-js SDK methods (pm.buy(), pm.sell(), pm.referralBuy(), pm.claimWinnings()), REST endpoints that return calldata for on-chain transactions (POST /markets/quote, POST /markets/claim), ERC-20 approval guidance, contract and token addresses, and instructions to send transactions via wallet sendTransaction. These are specific tools/functions for executing financial (crypto) transactions and managing trading/revenue, not generic interfaces.
Audit Metadata