web3-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md Step 4 and references/how-to-call-api.md) instructs the agent to call public Nodit endpoints (e.g., POST https://web3.nodit.io/v1/{chain}/{network}/...), ingest on-chain data including user-controlled NFT metadata and contract state, and use those responses to drive queries and potentially follow-up actions (including "unsafe_*" transaction methods), so it clearly fetches untrusted, user-generated third-party content that can influence tool use despite the caution to treat responses as untrusted.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes blockchain transaction/broadcasting methods and names functions that move funds (e.g., unsafe_payAllSui, sendRawTransaction, submitTransaction) and mentions JSON-RPC calls and Nodit API operations that can broadcast transactions. Those are specific crypto/blockchain execution capabilities (signing/sending/broadcasting transactions), not merely generic data queries, so it grants direct financial execution authority.