dapp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill reads and acts on public, third‑party Stellar network data (e.g., calls to Horizon and Soroban RPC endpoints such as https://horizon-testnet.stellar.org and configured mainnet RPC, rpc.simulateTransaction, rpc.getLedgerEntries, horizon.loadAccount) and uses those simulation/contract/state results to assemble/submit transactions, so untrusted user-submitted blockchain content can materially influence agent decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly designed for blockchain financial operations. It includes concrete, finance-moving capabilities: building payment transactions, signing and submitting transactions, invoking contracts that transfer tokens, integrating wallet APIs (Freighter, Stellar Wallets Kit), and using relayer/payment submission services (OpenZeppelin Relayer) with API keys. Examples in the skill: buildPaymentTx, submitTransaction, SendPayment component, sign() hooks, kit.signTransaction/kit.transfer, and SmartAccountKit.signAndSubmit/transfer. These are specific tools and functions to create and send crypto transactions (i.e., move funds), not generic utilities. Therefore it grants direct financial execution authority.