flare-ftso

Audited by Snyk on Mar 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly reads public on-chain, third-party feed data via RPC and contract calls (e.g., scripts/read-feeds-offchain.ts uses https://coston2-api.flare.network/ext/C/rpc and calls getFeedsById, and scripts/make-volatility-incentive.ts sends transactions). This is untrusted, provider-submitted content that the skill instructs the agent to consume, and it can materially influence actions (feed-based logic and payable incentives).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly documents and gives guidance on value-transfer blockchain operations: payable FtsoV2 methods (getFeedsById{value: fee}), fee calculation via IFeeCalculator.calculateFeeByIds, making a volatility incentive via FastUpdatesIncentiveManager.offerIncentive with msg.value, and delegation/staking (delegators assign stake and earn rewards). These are specific crypto/blockchain financial actions (sending transaction value, offering incentives, staking/delegation). Even though the skill includes a disclaimer that it does not itself execute transactions or hold keys, the documentation provides concrete APIs and examples for performing on-chain payments and stake operations. Under the rule (flag specific crypto/blockchain transaction capabilities), this meets the criteria for Direct Financial Execution.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 02:27 PM
Issues: 2