monskill
Warn
Audited by Snyk on May 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill set explicitly instructs the agent to fetch and consume public, user-controlled resources (e.g., indexer/SKILL.md tells the agent to run envio-cloud ... contract-import explorer, which pulls an ABI from a public Monad explorer, concepts/SKILL.md links to raw GitHub docs, and addresses/SKILL.md points to external GitHub repos), so the agent will read untrusted third‑party content that can materially influence tooling and on‑chain actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The concepts skill explicitly instructs agents to fetch external markdown at runtime (e.g. https://raw.githubusercontent.com/therealharpaljadeja/monskills/main/concepts/references/async-execution.md), which would be injected into the agent context and therefore can directly control prompts/instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill set explicitly includes crypto wallet and transaction capabilities: "Agent wallet management and Safe multisig creation on Monad mainnet and testnet," "Deploy smart contracts and perform onchain actions via Safe multisig," and "Propose transactions to Safe Transaction Service with EIP-712 signatures." These are specific blockchain wallet/transaction functions (wallets, signing, proposing on-chain transactions), which constitute direct financial execution capability under the crypto/blockchain category.
Issues (3)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata