flare-fdc

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly documents Web2Json and DA Layer workflows that fetch arbitrary public Web2 content (via verifier endpoints like VERIFIER_URL/Web2Json and DA Layer POST /api/v1/fdc/proof-by-request-round-raw) and instructs the agent to decode and use those untrusted responses as part of the attestation/proof workflow, which could allow indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about blockchain payment attestations and smart-contract interactions for confirming and verifying payments. It defines a "Payment" attestation type, references contract methods like verifyPayment, includes Payment.sol and cross-chain payment examples, and describes calling FdcHub.requestAttestation (an on-chain transaction with value/fee) plus DA Layer/verifier APIs for fetching/confirming payment proofs. These are specific crypto/blockchain payment capabilities (confirming and asserting payments on-chain), so it is directly tied to financial execution/verification rather than a generic tool.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 03:17 PM