data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and parse public, user-generated blockchain data from third-party sources (e.g., Horizon at https://horizon.stellar.org, RPC providers directory, the public data lake s3://aws-public-blockchain, Hubble BigQuery, and third-party indexers like Mercury or StellarExpert), and that content (transactions/events/memos) is read as part of workflows (getEvents, transactions, streaming, simulate/sendTransaction) and can influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill explicitly exposes blockchain transaction submission APIs. The docs include concrete methods and examples for sending transactions (rpc.sendTransaction, horizon.submitTransaction / server.submitTransaction, submitTransaction(signedTransaction)), transaction simulation, account loading (sequence numbers), and polling for transaction results. Those are specific crypto/blockchain functions that can move funds or execute on-chain operations — not generic HTTP or browser automation. Therefore it grants direct financial execution capability.