vebetterdao

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's CRITICAL RULES explicitly instruct the agent to use third‑party services (e.g., @vechain/mcp-server and Kapa AI MCP and, as a last resort, web search) to fetch on‑chain data and documentation, meaning the agent will read public third‑party content that can materially influence its decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about on-chain token operations and reward distribution: it references B3TR and VOT3 tokens, reward distribution patterns (smart contract / hybrid / backend-only), claim/claim refund flows, treasury, multisig, TimeLock, GrantsManager, and other contracts. It instructs use of VeChain MCP (e.g., @vechain/mcp-server) for on-chain data and transaction building. Those are specific crypto/blockchain transaction and wallet/contract interaction capabilities (i.e., sending/signing transactions and moving tokens), not generic tooling. Therefore it grants Direct Financial Execution capability.