openfort

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md workflow explicitly requires using the mcp__openfort-docs__read_page / read_source_file and related documentation/source-search tools to fetch and read public Openfort docs and repository source (via https://www.openfort.io/api/mcp and public openfort-xyz repos), meaning the agent will ingest untrusted, third-party web/ GitHub content that can materially influence CLI/tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly targets crypto wallet and transaction operations. It exposes an Openfort CLI that lets the agent "create wallets, send transactions, manage policies, sponsorship, contracts, sessions, and subscriptions" and references backend wallets, fee sponsorship (including sponsoring transactions with stablecoins like USDT/USDC), and programmatic control of app-wide funds. These are specific, built-in capabilities to move/manage money on-chain (wallet creation, transaction sending, sponsoring payments), so this is direct financial execution authority.