chaoschain-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's verification workflow explicitly fetches DKG evidence from external content-addressed sources (e.g., evidence_cid like "ipfs://Qm..." and archival on Arweave) via verifier.fetch_dkg_evidence (references/verification.md) and uses that untrusted, user-provided evidence to verify integrity and drive scoring/submission decisions, so third-party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides blockchain payment and transaction functionality: it initializes the SDK with a PRIVATE_KEY, exposes on-chain registration (sdk.register_identity returning tx_hash), wallet_manager methods, and staking (register_with_studio with stake_amount). It includes X402PaymentManager and X402PaywallServer for accepting crypto payments, and references building DeFi trading/execution agents and transaction serialization via the Gateway. These are specific crypto/financial operations (wallet signing, sending on-chain transactions, accepting payments, DeFi execution), so it grants Direct Financial Execution authority.