monero-wallet

Fail

Audited by Snyk on May 6, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). These URLs include unverified domains (kyc.rip, xmr402.org), a small/unknown GitHub org (KYC-rip) and instructions to pull/run Docker images and local scripts — a plausible vector for delivering malicious code even though there are no direct .exe links.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md XMR402 Payment Gating section explicitly requires the agent to fetch external URLs and parse untrusted WWW-Authenticate XMR402 headers from arbitrary third-party servers (address/amount/message) and then perform payments, so third-party content can directly drive tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly a Monero wallet controller: it provides a native Python RPC helper and a REST API that can create addresses, check balance, and—critically—initiate transfers (e.g., scripts/monero_wallet_rpc.py transfer, POST /transfer, and the pay-402 flow). These are specific crypto/blockchain transaction functions (including sending XMR and signing/payment proof flows), not generic tools. Therefore it grants direct financial execution authority.

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 6, 2026, 03:13 AM
Issues: 3