ima-bridging-on-skale

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md "Receiving Messages" section shows the agent/contract will receive and decode arbitrary bytes sent via the MessageProxy from other chains (untrusted, user-generated cross-chain messages) and explicitly instructs implementing logic that acts on that message content, so third‑party payloads can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements blockchain transaction capabilities: it shows using a signer/private key (ethers.Wallet with process.env.PRIVATE_KEY) to call contract methods that alter on-chain state (grantRole, sendMessage) and includes payable transactions with explicit value/gas payments (e.g., { value: ethers.parseEther("0.001") }). This is direct crypto/blockchain execution (signing and sending transactions), so it grants direct financial execution authority.