afp-product-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly requires selecting and validating public API URLs and JSONPath specs (see SKILL.md "Data source: public API URL and fields to extract" and the references/api-sources.md with Open-Meteo, World Bank, CoinGecko examples), meaning the agent will ingest untrusted third-party API responses as part of building oracle/evaluation specs that can change product behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built to create and register on-chain PredictionProductV1 objects and shows concrete crypto/blockchain integration: it requires RPC URLs, EVM contract addresses, a "builder address", and the AFP SDK usage example includes auth via afp.PrivateKeyAuthenticator(PRIVATE_KEY). Those elements (private-key authenticator + rpc interaction + on-chain product registration) are specific crypto/blockchain capabilities (wallet signing / transaction submission), not generic tooling. This meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.