chainlink-cre-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow/docs (e.g., guides/workflow/using-http-client and getting-started/part-2-fetching-data-ts) explicitly instruct creating workflows that fetch and parse data from public external APIs (examples: api.mathjs.org, webhook.site) and then use those responses to generate reports or trigger onchain writes, meaning untrusted third-party content would be read and can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes EVM read/write and "onchain writes" capability, mentions forwarder addresses, contract bindings/consumer contracts, multi-sig wallets, secrets, and maps requests to "EVM read/write" or lifecycle operations. Those are crypto/blockchain primitives (signing/sending transactions, interacting with contracts, forwarders, and multisigs) which are specific tools to execute on-chain transactions that can move value. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.