starknet-anonymous-wallet

Warn

Audited by Snyk on May 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill fetches and ingests public third-party content (AVNU token lists via fetchTokens in scripts/_tokens.js and avnu-swap.js, and on-chain ABIs via provider.getClassAt in parse-smart.js, read-smart.js and resolve-smart.js using a public RPC URL) and explicitly uses that untrusted data to build token maps, resolve ABIs/functions, and drive execution plans, so external content can materially influence tool decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill explicitly provides wallet creation/loading, private-key signing, and end-to-end on-chain transaction flows on Starknet. It includes scripts for invoking contracts, ERC20 allowance checks, preparing/simulating fees, and executing token swaps via the AVNU SDK (fetchTokens, getQuotes, executeSwap). The flow describes building execution params and broadcasting transactions (sign -> send -> wait), and supports conditional watch-and-execute operations. Those are specific crypto/blockchain financial execution capabilities (wallet management, signing, and broadcasting transactions / executing swaps), not generic tooling. Although it requires user authorization before broadcasting in some paths, the skill is explicitly designed to move cryptocurrency funds.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 11, 2026, 02:25 PM
  • Issues: 2