metamask-agent-wallet

Warn

Audited by Snyk on Jun 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk, score 0.72). High indirect prompt-injection risk: the Aave workflows (aave-*/borrow/supply/withdraw/collateral/repay) and the market-data/perps/predict/swap/bridge workflows rely on runtime HTTP responses (e.g., GraphQL, price and quote APIs). Fields returned by those responses (such as data, to, value, intent/route/fees) are ingested into the agent’s LLM context and then used to construct and confirm transactions, so attacker-controlled response content can influence what the agent signs and submits.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk, score 1.00). The skill explicitly exposes crypto financial primitives and commands that can move funds and execute market orders: wallet authentication and BYOK, sending raw EVM transactions (mm wallet send-transaction), transferring native/ERC-20 tokens (mm transfer), executing token swaps and cross-chain bridges (mm swap execute), signing transactions and messages, perpetuals trading (mm perps open/close/deposit/withdraw/transfer), and prediction-market orders (mm predict place/withdraw/redeem). These are specific crypto/blockchain execution capabilities (wallets, swaps, signing, trading), not generic tooling, and therefore grant the agent direct financial execution authority.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 24, 2026, 07:48 AM
Issues: 2