brian-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's /agent/knowledge endpoint explicitly returns pageContent and source URLs from public websites (e.g., "metadata": {"source":"https://docs.aave.com/..."}) and the /agent/transaction responses include calldata produced by third‑party solvers (Enso, LI.FI) that the agent is expected to read and act on, meaning public third‑party content is ingested at runtime and can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Web3 financial execution tool: it converts natural-language intents into executable on-chain transactions (swap, bridge, transfer, deposit, withdraw, borrow, repay), returns ready-to-sign calldata/transaction steps, and provides SDK and LangChain toolkits (including privateKey/account integration and tools for swap/bridge/transfer/etc.). It directly targets crypto/blockchain transaction creation and signing workflows, so it grants direct financial execution capability.