ethskills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read public third‑party URLs as part of normal workflow (e.g., audit/SKILL.md tells the agent to fetch the master checklist from raw.githubusercontent.com and the README/invocation examples direct the agent to audit arbitrary GitHub URLs like https://github.com/owner/repo/blob/main/contracts/Foo.sol), so untrusted, user‑provided web content will be ingested and can materially influence decisions and automated actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The audit skill explicitly tells the agent to fetch the master checklist from https://raw.githubusercontent.com/austintgriffith/evm-audit-skills/main/evm-audit-master/SKILL.md at runtime; that raw GitHub URL is a runtime-fetched dependency whose markdown directly controls which sub-skills/checklists the agent loads (i.e., it controls prompts/instruction flow) and is required for the audit pipeline.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about Ethereum and onchain finance: it covers wallets (creating wallets, key safety, multisig, account abstraction), DeFi protocols (Uniswap, Aave, swaps, flash loans), treasury tooling (Safe / Gnosis Safe), and even a payments protocol and SDKs (x402 HTTP 402 payment protocol, x402 SDKs). Those are specific crypto/blockchain financial capabilities (wallets, swaps, signing, payments) rather than generic tooling, so the skill grants direct financial execution authority.