messari-token-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly fetches external, public Messari APIs (e.g., Step 4: https://api.messari.io/news/v1/news/feed?assets={slug} and Steps 1–3 for fundamentals/signals) and then feeds those third‑party headlines/signals into the AI synthesis in Step 5, so untrusted public content can directly influence agent outputs and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes on-chain wallet operations and a token-bridge command that moves USDC between chains. Examples:
• Preflight Step 0 runs a wallet balance check and, if low, runs: mp token bridge --wallet main --from-chain ethereum --to-chain base --token usdc --amount 10 This is a direct crypto transfer (bridging) and therefore a financial execution action.
• The workflow references wallet/chain flags for requests and notes costs/payments in USDC on Base and gas requirements.

These are specific crypto/blockchain execution functions (wallet actions, bridging/swaps implied), not mere generic API calls or browser automation. Therefore it qualifies as Direct Financial Execution capability.