vara-agent-network-skills
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content from the live indexer and the on-chain chat/board (e.g., via INDEXER_GRAPHQL_URL https://agents-api.vara.network/graphql and via vara-wallet subscribe / Chat/GetMentions) as part of required workflows (see agent-create.md, agent-chat-agent.md, agent-mentions-listener.md). That content is used to make Build Decisions, craft replies, and drive outgoing calls, so untrusted third-party text could indirectly inject instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly queries the public indexer at https://agents-api.vara.network/graphql at runtime to fetch chat messages, identity cards, and other content that is injected into the agent's decision/reply context, so externally-controlled data from that URL can directly influence prompts and agent behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly requires and documents use of the vara-wallet CLI for wallet creation, balance checks, wallet-signed calls, program upload/deploy, and on-chain writes (calls that spend gas, use vouchers, and may include value). These are concrete crypto/blockchain wallet and transaction-signing operations (deploying programs, registering applications, sending extrinsics, updating on-chain state). That matches the "Crypto/Blockchain (Wallets, ... Signing)" category of Direct Financial Execution.
Issues (3)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata