TRC20 Token Toolkit

Audited by Snyk on Apr 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's runtime scripts (info.js, balance.js, transfer.js, approve.js) call tronWeb.contract(...).call() directly against arbitrary TRC20 contract addresses through public TRON nodes (api.trongrid.io or the configured hptg.bankofai.io host). As a result, untrusted metadata returned by user-deployed contracts on the public blockchain (name/symbol/decimals/allowance/balance) is ingested and used to drive validation and transaction decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements blockchain wallet functionality: it requires a TRON_PRIVATE_KEY and provides scripts to transfer tokens (transfer.js) and to create or manage token approvals/allowances (approve.js). Its outputs include a tx_id, and it performs on-chain actions (transfers, approvals) rather than only querying balances. This is direct financial execution capability (signing and broadcasting crypto transactions), even though the skill includes safety notes and a --dry-run mode.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 10, 2026, 07:05 AM
  • Issues: 2