aster-deposit-fund

Warn

Audited by Snyk on Apr 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill calls external blockchain RPC endpoints (see getRpcUrl in scripts/common.mjs, which falls back to public RPC URLs such as https://ethereum-rpc.publicnode.com), and the agent consumes those RPC responses (balances, contract reads, transaction receipts) as part of its required workflow to decide on and execute deposits. Untrusted or malicious RPC responses could therefore materially change the actions the agent takes.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to move funds on-chain. It requires a private wallet key in the environment, describes signing and submitting on-chain transactions, supports native and ERC-20 deposits (including token approve + treasury.deposit calls), and provides a deposit script (deposit.mjs) that performs the send. These are specific crypto/blockchain signing and transaction actions (wallet signing + on-chain transfer), not generic tooling. Although the skill mandates user confirmation, it still has direct financial execution capability.


Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 20, 2026, 04:48 PM
Issues: 2