dripping-faucet

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and ingests responses from external faucet APIs (e.g., https://testnet.radiustech.xyz/api/v1/faucet and https://network.radiustech.xyz/api/v1/faucet) — including the /challenge "message" and error/retry fields described in SKILL.md — and those response fields are read and used to decide signing, retries, and next actions, so untrusted third‑party content can materially influence the agent's behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to move crypto funds: it implements a faucet for requesting SBC tokens (testnet and mainnet), includes endpoints to POST /drip, supports signed flows (EIP-191 personal_sign), instructs creating and loading private keys/keystores, uses signing tools (viem signer, cast wallet sign), and performs on-chain balance verification via RPC. These are direct crypto/blockchain operations (wallet creation, signing, and triggering token disbursements), which match the "Crypto/Blockchain (Wallets, Swaps, Signing)" rule for Direct Financial Execution.