hedera-consensus-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's workflow instructs the agent to subscribe via TopicMessageQuery.subscribe to Hedera mirror nodes and read TopicMessage.contents (SKILL.md "Subscribing to Messages" and "TopicMessageQuery"), which pulls user-generated public topic messages from the open Hedera network (untrusted third-party content) that the agent is expected to interpret and could influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for Hedera (a blockchain) and its SDK: it defines wallet/provider and private-key usage, transaction classes (TopicCreateTransaction, TopicMessageSubmitTransaction, TopicUpdateTransaction, TopicDeleteTransaction) with .execute()/.executeAll(), and signing patterns (freezeWithSigner, sign, executeWithSigner). It also shows Hbar/token-denominated custom fees, fee collectors, and custom fee limits. Those are specific crypto/blockchain transaction and signing operations — i.e., direct financial/transaction execution capability.