emblem-ai-agent-wallet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs the emblemai CLI to fetch on-chain and public API data (e.g., token names, NFT memos, transaction memos) — see SKILL.md "Handling Untrusted Blockchain Data" and scripts/check-balance.sh — which the agent is expected to read and could contain user-generated text that materially influences decisions, so it exposes the agent to untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly manages crypto wallets and value-moving operations: it lists supported chains (Solana, Ethereum, Base, BSC, Polygon, Hedera, Bitcoin), states its core purpose is "Direct wallet management, transaction preparation, PSBT signing, and multi-chain transfers," and describes signing and broadcasting workflows and operator-confirmed wallet actions. Those are concrete crypto/blockchain execution capabilities (wallet creation, signing transactions, and transfers), which meet the "Direct Financial Execution" criteria.