image-prompting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Edit" examples and the "Requirements" explicitly state that the image/edit endpoints accept public URLs (or data URLs) and multi-ref inputs, so the agent will fetch and interpret arbitrary third‑party images from the open web which can materially influence generation/edit decisions (e.g., PRESERVE/COMPOSITE directives).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit blockchain wallet setup and wallet-related calls. The Initialize section imports and calls setup_agent_wallet and setup_agent_solana_wallet, and the Requirements mention a funded USDC wallet plus ImageClient().get_wallet_address() and setup_agent_wallet().get_balance(). These are crypto/wallet APIs (wallet setup and balance/address access) which meet the "Crypto/Blockchain (Wallets...)" criterion for direct financial execution capability under the rules, so it should be flagged even though the primary purpose is image generation.