webdom-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly calls the public Webdom Agent API (e.g., commands in SKILL.md and README such as "npx @webdom/sdk find-domain", "get-domain", and the OpenAPI server https://webdom.market/api/agent/v1) to ingest public/user-generated domain, deal, offer and user data and then uses those responses to build transactions and drive follow-up actions, so untrusted third‑party content can materially influence agent decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built for on-chain financial operations on the TON blockchain. It provides tx-builder commands (build-purchase-tx, build-auction-bid-tx, build-offer-tx, build-accept-offer-tx, build-sale-tx, etc.), wallet-linking, balance checks, and concrete instructions to broadcast prepared transactions via the @ton/mcp@alpha send_raw_transaction tool (including example shell flows that send messages and poll transaction status). These are specific crypto/blockchain transaction and wallet operations (signing/broadcasting flows) intended to move funds or transfer assets, not generic tooling.