flare-general

Warn

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's guides explicitly show fetching and using contract ABIs and explorer data from public block explorer APIs (e.g., flare-for-javascript-guide and flare-for-python-guide fetch from https://coston2-explorer.flare.network/api), so the agent would ingest untrusted, user-provided third‑party content (public explorer/ABI responses) that can materially influence subsequent contract interactions or tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly documents transaction and wallet APIs focused on crypto asset operations. It includes the @flarenetwork/flare-tx-sdk with concrete methods to transfer native/wrapped tokens, wrap/unwrap, claim rewards, delegate/undelegate, stake on the P‑chain, and invoke contract calls. It also lists wallet SDKs and services (MetaMask/EIP‑1193, Ledger, Trezor, Etherspot, Turnkey, Dfns) and shows code for sending transactions. These are specific crypto/blockchain execution capabilities (wallet signing and on‑chain value transfers), not generic tooling, so it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 04:11 PM