algorand

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md instructs the agent to connect to Algorand via the Membrane connector (see "Connecting to Algorand" / membrane connect --connectorKey algorand) and to list/run actions that read blockchain accounts, transactions, and blocks (membrane action list / membrane action run), which means the agent will ingest public, user-generated blockchain data that could influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated Algorand blockchain integration (accounts, assets, transactions) and exposes a mechanism (Membrane actions and action run) to perform operations on a connected Algorand account. Membrane handles credentials/auth and lets you create and run actions (including transaction-related actions), which directly enables sending/signing blockchain transactions and managing crypto assets. This is a specific crypto/blockchain execution capability, not a generic API caller or browser automation.