dflow-phantom-connect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (e.g., references/dflow-prediction-markets.md and references/dflow-websockets.md) instructs the agent to call public DFlow MCP/Metadata endpoints (pond.dflow.net), public WebSocket endpoints (wss://dev-prediction-markets-api.dflow.net), and the Proof KYC verify API (https://proof.dflow.net/verify/{address}), and those external, user-visible responses are read and used to gate trades and drive next actions (market discovery, trade submission, KYC gating), which exposes the agent to untrusted third-party content that can materially affect behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides crypto financial execution capabilities. It is specifically designed for Solana + Phantom wallet integrations and DFlow trading and lists concrete actions that move value: connecting wallets, signing transactions, SOL/SPL transfers, accepting crypto payments, minting NFTs, spot token swaps via DFlow (including /order flows), prediction-market trading/redemption, and submitting signed transactions to RPC. These are direct crypto/blockchain payment, wallet, swap, and market-order operations (not generic tools), so it grants Direct Financial Execution Authority.