flare-smart-accounts

Warn

Audited by Snyk on Mar 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests untrusted, user-generated XRPL payment memos and on-chain RPC data (e.g., XRPL testnet, Coston2) as described in SKILL.md under "Third-party data" and in the CLI encode→bridge→mint-tx and decode workflows, and those decoded memos directly determine encoded instructions and subsequent transaction actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about blockchain asset operations and includes concrete APIs/commands for moving funds. It documents instruction formats for minting FXRP, transferring FXRP, redeeming to XRP, depositing/withdrawing from vaults, and custom contract calls. It includes a TypeScript sendInstruction function that builds and submits an XRPL Payment (xrplClient.submitAndWait) and a CLI (smart-accounts-cli) with "bridge instruction" and "bridge mint-tx" commands that execute XRPL transactions. Even though the top-level text says "informational only," the skill provides specific, actionable tooling and examples to construct and submit transactions (i.e., send transactions and move assets). This meets the criterion for direct financial execution capability.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 02:27 AM
Issues: 2