emblem-ai-agent-wallet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly lists and uses public third-party data sources (e.g., "Market Data: CoinGlass, DeFiLlama, Birdeye, LunarCrush", OpenSea, ChangeNow, pump.fun, PolyMarket) and describes agent workflows that read/interpret that market/social content (e.g., "What's trending on Solana?") to drive trading/portfolio actions, so untrusted web-origin content can influence tool decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet/trading tool (Emblem Agent Wallet) that manages wallets across multiple blockchains and exposes direct transaction capabilities: sending tokens (e.g., "Send 0.1 ETH to 0x..."), swapping tokens ("Swap $20 of SOL to USDC"), trading (swaps, limit orders, conditional orders, stop-losses), signing transactions/messages, DeFi operations, cross-chain swaps, and programmatic agent mode for scripted execution. These are specific crypto/blockchain financial operations (wallet management, signing, transfers, swaps, market/order placement), which fit the "Direct Financial Execution" criteria. The presence of agent mode and CLI commands to perform sends/swaps confirms direct execution capability even if safe-mode requires user confirmation.