nft-blockchain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly loads NFT metadata/images from public URNs via NftShape ("the image is loaded automatically from the NFT's metadata"), exposes calling arbitrary external URLs (openExternalUrl with opensea example) and signedFetch to external backends, and reads public on-chain/RPC data (sendAsync, eth calls) which the workflow uses for token-gating and marketplace/transaction decisions, so untrusted third-party content can be ingested and materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes blockchain and crypto payment/execution capabilities. It includes specific APIs and functions to move value: crypto.mana.send(), crypto.currency.send(), crypto.nft.transfer(), crypto.marketplace.buyOrder()/sellOrder()/cancelOrder(), and raw smart-contract write operations via eth-connect (e.g., contract.transfer(...) with gas). These are direct crypto/token transfer and marketplace order functions (wallet signing, gas, balances) — i.e., tools whose primary purpose is to send funds/tokens or execute market orders. Therefore it grants Direct Financial Execution authority.