flare-smart-accounts

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs reading and decoding incoming XRPL payment memos and on-chain RPC state from public endpoints (e.g., XRPL testnet wss://s.altnet.rippletest.net:51233 and Coston2 RPC) as part of the workflow, and those untrusted, user-generated memos are used to drive encoded actions (e.g., executeTransaction, custom instructions), which could enable indirect prompt-injection-style influence on behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about moving crypto assets on XRPL and Flare. It documents token operations (mint FXRP, transfer FXRP, redeem FXRP), vault deposit/withdraw flows, and a CustomCall that can send FLR with contract calls. It includes concrete code/CLI that constructs and submits XRPL Payment transactions (e.g., ./smart_accounts.py bridge instruction, bridge mint-tx, the sendInstruction function calling xrplClient.submitAndWait, and walletClient.writeContract), plus environment variables for private keys. Although it labels itself as reference documentation, the CLI and code examples are directly intended to perform financial transactions and bridge funds. This matches the “Crypto/Blockchain (Wallets, Swaps, Signing)” and “Send Transaction” criteria for Direct Financial Execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 12:00 AM