masumi
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflows explicitly query permissionless, public sources—e.g., the Masumi Registry (NFT metadata), the Sokosumi marketplace, Blockfrost/other blockchain APIs, and arbitrary agent API endpoints (POST /start_job, example_output_url)—and then read and act on that user-generated, third-party content for agent discovery, job submission, and payment/collection decisions, so untrusted content can influence tool use and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill instructs operators to fetch and run remote code from GitHub (e.g., git clone https://github.com/masumi-network/kodosumi and https://github.com/masumi-network/masumi-payment-service) as required components, which clearly fetches and executes external code during setup/runtime and thus presents an execution risk.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a payment system: it describes configuring wallets, funding test wallets, a Masumi Payment Service with "Wallet Management (3 wallets)", "Payment Processing", smart-contract-based trustless escrow on the Cardano blockchain, USDM stablecoin transfers, on-chain registry and NFT minting, payment APIs (Payment Service API, Registry API), faucets for funding, mainnet/preprod environments, and workflows that "handle payments", "create test transactions", "lock USDM in smart contract", and "collect payment". These are specific blockchain/crypto payment operations (wallet creation, signing/funding, escrow smart contracts, payment APIs) intended to move funds autonomously (A2A and H2A). This is not a generic tool — it is purpose-built to execute financial transactions. Therefore it grants Direct Financial Execution Authority.
Issues (3)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).