flashbots

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow instructs MEV-Boost to fetch headers and payloads from public relay URLs (references/core-api.md: GET /eth/v1/builder/header and POST /eth/v1/builder/blinded_blocks) and to configure the relay list via CLI flags or YAML (features-relays-config.md, features-config-yaml.md). Relay responses are untrusted third-party content, and the bids they carry directly influence which header, and therefore which block, is selected.
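The practical mitigation for this finding is to treat the operator's relay list as the trust anchor and validate every relay response against it and against the local request before it can influence selection. The Go program below is an added illustration written for this report; it is not code from the skill, from MEV-Boost or from Flashbots. It assumes the MEV-Boost relay URL convention (the relay's BLS pubkey in the userinfo part, https://0x<pubkey>@host) and the Builder API bid fields named in the comments; the type and function names (Relay, Bid, ParseRelayURL, SelectBid, sampleScenario), the relay hosts and all bid values are constructed for the example. BLS verification of the bid signature is represented by a SigVerified flag rather than performed.

```go
package main

import (
	"encoding/hex"
	"fmt"
	"math/big"
	"net/url"
	"strings"
)

// Relay is one configured relay (CLI relay flag or YAML relay list). The URL carries the
// relay's BLS pubkey as userinfo (https://0x<96 hex>@host); that operator-set key is the anchor.
type Relay struct {
	URL    string
	PubKey string // 0x-prefixed, lowercase, 48-byte BLS key
}

// ParseRelayURL refuses entries that cannot anchor trust: plain http or no pubkey.
func ParseRelayURL(raw string) (Relay, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return Relay{}, err
	}
	if u.Scheme != "https" || u.User == nil || u.User.Username() == "" {
		return Relay{}, fmt.Errorf("relay URL must look like https://0x<pubkey>@host: %q", raw)
	}
	pk := strings.ToLower(u.User.Username())
	if _, err := hex.DecodeString(strings.TrimPrefix(pk, "0x")); err != nil || !strings.HasPrefix(pk, "0x") || len(pk) != 2+96 {
		return Relay{}, fmt.Errorf("relay pubkey must be 0x plus 96 hex chars: %q", pk)
	}
	return Relay{URL: raw, PubKey: pk}, nil
}

// Bid is the part of a SignedBuilderBid (GET /eth/v1/builder/header) used here. SigVerified
// stands in for BLS verification of the signature with the configured relay key (assumed, not shown).
type Bid struct {
	FromRelay   string   // URL of the configured relay that was queried
	PubKey      string   // message.pubkey as claimed by the response
	ParentHash  string   // message.header.parent_hash
	Value       *big.Int // message.value in wei
	SigVerified bool
}

// SelectBid keeps only responses that agree with local state (relay list, requested parent
// hash, operator min-bid) and returns the highest surviving bid plus one reason per rejection.
func SelectBid(relays []Relay, bids []Bid, parentHash string, minBid *big.Int) (*Bid, []string) {
	trusted := make(map[string]string, len(relays))
	for _, r := range relays {
		trusted[r.URL] = r.PubKey
	}
	var best *Bid
	var rejected []string
	for i := range bids {
		b := &bids[i]
		pk, known := trusted[b.FromRelay]
		switch {
		case !known:
			rejected = append(rejected, b.FromRelay+": not in the configured relay list")
		case strings.ToLower(b.PubKey) != pk:
			rejected = append(rejected, b.FromRelay+": response pubkey differs from the configured relay pubkey")
		case !b.SigVerified:
			rejected = append(rejected, b.FromRelay+": bid signature did not verify")
		case !strings.EqualFold(b.ParentHash, parentHash):
			rejected = append(rejected, b.FromRelay+": parent_hash is not the requested parent")
		case b.Value == nil || b.Value.Cmp(minBid) < 0:
			rejected = append(rejected, b.FromRelay+": value below min-bid")
		case best == nil || b.Value.Cmp(best.Value) > 0:
			best = b
		}
	}
	return best, rejected
}

// sampleScenario returns constructed inputs (not captured relay traffic): two configured
// relays and five responses, of which four must be rejected.
func sampleScenario() (relays []Relay, bids []Bid, parent string, minBid *big.Int) {
	keyA, keyB := "0x"+strings.Repeat("aa", 48), "0x"+strings.Repeat("bb", 48)
	urlA, urlB := "https://"+keyA+"@relay-a.example", "https://"+keyB+"@relay-b.example"
	relays = []Relay{{urlA, keyA}, {urlB, keyB}}
	parent = "0x" + strings.Repeat("11", 32)
	bids = []Bid{
		{urlA, keyA, parent, big.NewInt(1200000000000000000), true},                                // honest, 1.2 ETH
		{urlB, "0x" + strings.Repeat("cc", 48), parent, big.NewInt(5000000000000000000), true},     // key is not the configured one
		{urlA, keyA, "0x" + strings.Repeat("99", 32), big.NewInt(2000000000000000000), true},       // built on another parent
		{"https://" + keyA + "@rogue.example", keyA, parent, big.NewInt(9000000000000000000), true}, // relay not configured
		{urlB, keyB, parent, big.NewInt(10000000000000000), true},                                  // honest, 0.01 ETH, under min-bid
	}
	return relays, bids, parent, big.NewInt(50000000000000000) // min-bid 0.05 ETH
}

func main() {
	relays, bids, parent, minBid := sampleScenario()
	best, rejected := SelectBid(relays, bids, parent, minBid)
	for _, r := range rejected {
		fmt.Println("rejected:", r)
	}
	if best != nil {
		fmt.Println("selected:", best.FromRelay, "value", best.Value, "wei")
	}
}
```

The highest-value bids in the sample are exactly the ones that fail a local check (spoofed key, unknown relay, wrong parent), which is the point: a selection rule that only compares values lets relay content decide the outcome, while one that first checks each response against the operator's configuration keeps that decision local.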

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about MEV-Boost / Flashbots and the Ethereum Builder API (registerValidator, getHeader, getPayload, relays, bids, validator data generation). These are the interfaces validators use to take part in the block-building / MEV market (registering validators, selecting among bids, producing and signing payloads), which is a direct blockchain/crypto execution domain and matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 09:46 PM