goldrush-mcp-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and run a public npm package via "npx -y @covalenthq/goldrush-mcp-server@latest" and to verify/inspect the official docs at https://goldrush.dev/docs/goldrush-mcp-server and the MCP server/help output (e.g., goldrush-mcp-cli -h and "inspect the live server"), which cause the agent to ingest and act on untrusted third‑party content (package/help/schema) that can change subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes remote code at runtime via "npx -y @covalenthq/goldrush-mcp-server@latest" (and related uxc link commands), which fetches and executes an external npm package from the registry as a required dependency, so it directly executes remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto/blockchain integration: it exposes multichain wallet balances, "transfers" and "transactions", ERC20 token transfers, token approvals, and related wallet/transaction operations via a CLI MCP. Those capabilities are specific to moving and managing on-chain assets (crypto/wallet/transaction domain) and therefore constitute direct financial execution authority (the skill is purpose-built for blockchain financial operations).