doppler-hooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly directs the agent to use the public GitHub "Doppler deployments" repository (https://github.com/whetstoneresearch/doppler/tree/main/deployments) as the contract source of truth, so the agent is expected to fetch and interpret open/public third‑party content that can change runtime decisions (deployed addresses/revisions) during its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is specifically about DeFi smart-contract hook modules (Doppler hooks) and references concrete on-chain financial behaviors: buybacks, fee routing, protocol-owner fee claims, swap callback flags, and initializer contracts. These are explicit crypto/financial operations tied to moving or reallocating funds within protocols (not a generic tool). Therefore it grants direct financial execution capability.