reputation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime (reputation.ts) calls Erc8004Service methods (e.g., getReputation, getFeedback, readAllFeedback, getClients, getFeedbackCount, getApprovedLimit, getLastIndex) to read public on-chain feedback and URIs from the ERC-8004 reputation registry (user-generated, public content) which the agent returns and could be used to decide or trigger subsequent actions like approve-client, revoke-feedback, or append-response as shown in SKILL.md and AGENT.md.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain write operations that require an unlocked wallet and submit signed transactions (give-feedback, revoke-feedback, append-response, approve-client). Commands accept fee parameters (including micro-STX amounts), produce txids and explorer URLs, and include a sponsored-transaction option. Because it is explicitly designed to send blockchain transactions and requires wallet signing, it provides direct crypto transaction execution capability.