@1365/across-bridge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly fetches JSON quotes and ready-to-send transactions from public Across endpoints (e.g., https://app.across.to/api/swap and other across.to endpoints) and the SKILL.md and scripts explicitly instruct the agent to read those responses and execute approvalTxns/swapTx, meaning untrusted third‑party content can materially alter tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto financial operations: cross-chain token bridging via the Across protocol. It requires activating a wallet policy, calls a /swap endpoint that returns ready-to-send swapTx and approvalTxns, and instructs the agent to "Send approvals" and "Send bridge transaction" and to verify destination balances. Those are concrete, specific crypto transaction operations (wallets, swaps, signing/sending transactions), not generic API or browser automation. This matches the Direct Financial Execution criteria for Crypto/Blockchain (wallets, swaps, signing).