algorand-frontend

Status: Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's examples and workflow explicitly call AlgorandClient.testNet() and fetch contract/global state (e.g., appClient.state.global.getAll() in references/frontend-examples.md Example 7) and show network configs pointing to public endpoints like https://testnet-api.algonode.cloud, meaning the agent would read untrusted, user-generated blockchain data from public third-party sources that could influence transaction decisions or subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly integrates with Algorand wallets and provides signer/transaction APIs: e.g., use-wallet transactionSigner, AlgorandClient.setSigner(), getTypedAppClientById(...).send.myMethod(...) — patterns that register wallet signers and trigger on-chain contract calls/transactions. These are specific crypto/blockchain signing and transaction execution capabilities (not generic browser automation or HTTP). Therefore it grants direct financial execution authority on the Algorand blockchain.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 09:30 AM
Issues: 2