multi-canister

Warn

Audited by Snyk on Apr 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's canister factory endpoints (Motoko: Self.createChildCanister accepting wasmModule : Blob; Rust: create_child_canister(wasm_module: Vec)) explicitly ingest caller-supplied WASM blobs, i.e., untrusted user-provided code that the canister installs and executes, which can embed arbitrary instructions and thus enable indirect prompt-injection-like influence.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes explicit blockchain management APIs that perform value-related operations: e.g., Motoko management canister calls (create_canister with attached cycles, deposit_cycles, install_code) and Rust calls like create_canister_with_extra_cycles / install_code and references to attaching 1_000_000_000_000 cycles. These are platform-level crypto/blockchain operations that create canisters and move "cycles" (the IC value unit) between entities. Because it includes concrete management-canister APIs used to transfer/attach cycles, it provides direct financial execution capability.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 11:40 AM
Issues: 2