venice-crypto-rpc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill proxies JSON-RPC calls to public EVM and Starknet networks via POST /crypto/rpc/{network}, returning node responses (transactions, logs, contract state) that originate from arbitrary public blockchain users and could be read and acted on by the agent.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto JSON-RPC proxy for EVM/Starknet networks and documents support for state-mutating transaction methods (e.g., eth_sendRawTransaction, eth_sendUserOperation), idempotent transaction submission, and wallet-based x402 pay-per-call behavior (USDC top-ups). Those are concrete blockchain transaction/transaction-submission capabilities (directly able to broadcast value-transferring transactions), so it provides direct financial execution functionality.