blockchain-red-team

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly directs the agent to "Scan sources for novel patterns" and to "check weekly" public third-party Research Sources (CTF writeups, audit reports, arXiv papers, Flashbots/Jito, etc.), which are untrusted/public content the agent is expected to read and use to drive attack development and next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly focused on blockchain offense: "Develop and execute attack techniques", "Weaponization" steps include identifying target surface and producing an "attack sequence (step-by-step TX/action plan)", and it calls out advanced MEV/sandwich/frontrunning research and PoC code for exploits. Its primary and explicit purpose is to craft and execute blockchain transactions/attacks that directly target funds or financial mechanisms. This is not a generic tool; it is specifically designed for crypto/blockchain financial operations (attack/transaction sequences), so it meets the criteria for Direct Financial Execution risk.