injective-funding

Warn

Audited by Snyk on May 11, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill includes a public Node/Express faucet (/api/faucet) that accepts arbitrary caller-supplied addresses from the open internet, canonicalizes and directly uses that untrusted input to build and broadcast MsgSend transactions (SKILL.md "Public Faucet Server" and reference implementation), so third-party content is ingested and can directly drive actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly and primarily designed to move crypto funds. It contains concrete operations for signing and broadcasting on-chain transfers (MsgSend), batch bank transfers (up to 200 msgs/tx), depositing to exchange subaccounts, topping up taker wallets, CLI scripts to fund wallets, and a public faucet implementation that accepts caller-supplied addresses and broadcasts transactions using a private key (MsgBroadcasterWithPk / PrivateKey). These are specific payment/crypto transaction primitives (sending INJ/USDT/USDC, subaccount deposits, broadcaster.broadcast), not generic tooling — therefore it grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  Risk Level: MEDIUM
  Analyzed: May 11, 2026, 07:43 PM
  Issues: 2