fee-architecture

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly tells the agent to "Use Doppler deployments" on the public GitHub repo as the contract source of truth, and the references files include raw.githubusercontent.com links (e.g., FeesManager.sol, Airlock.sol). The agent is therefore expected to fetch and interpret public third-party code, which can materially influence its decisions and tool use. Unless those links are pinned to a specific commit, the fetched content can also change without any change to the skill itself, so it should be handled as untrusted data rather than as instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about on-chain fee collection, distribution, and claim paths. It names contract functions that perform fee collection/claims (e.g., collectProtocolFees(...), collectIntegratorFees(...), collectFees(...), claimAirlockOwnerFees(asset)) and discusses signers, beneficiaries, and reconciling balances before/after on-chain claims. These are specific blockchain financial operations that move funds rather than generic tooling, so the skill grants direct financial execution capability to whatever signer the agent is permitted to use; the before/after balance reconciliation it describes is the control to require around every claim, not optional documentation.
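As an added illustration of how the two findings above can be checked mechanically, the following script is not part of the Snyk report or of the fee-architecture skill. It scans a SKILL.md text for raw.githubusercontent.com references (W011), reports which of them are pinned to an immutable commit SHA rather than a branch or tag, and lists fee-moving functions of the collect…Fees / claim…Fees kind (W009). The sample SKILL.md excerpt, the example-org/example-repo repository, its branch, the commit SHA and the file paths are constructed assumptions, not the real skill's contents.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of a SKILL.md excerpt. This is NOT the real fee-architecture
# skill text; the organisation, repository, branch, commit SHA and paths are
# illustrative assumptions chosen so the check has something to find.
SAMPLE_SKILL_MD = """\
# fee-architecture
Use Doppler deployments on the public GitHub repo as the contract source of truth.
References:
- https://raw.githubusercontent.com/example-org/example-repo/main/src/FeesManager.sol
- https://raw.githubusercontent.com/example-org/example-repo/0123456789abcdef0123456789abcdef01234567/src/Airlock.sol
Claim path: collectProtocolFees(...) then claimAirlockOwnerFees(asset).
"""

# raw.githubusercontent.com URLs have the shape /<owner>/<repo>/<ref>/<path>.
RAW_GH_RE = re.compile(
    r"https://raw\.githubusercontent\.com/([^/\s]+)/([^/\s]+)/([^/\s]+)/([^\s)>\]]+)"
)
# A full 40-hex commit SHA is the only immutable ref; branches and tags can move.
COMMIT_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Fee collection / claim style function names, as flagged in the report.
MONEY_FUNC_RE = re.compile(r"\b((?:collect|claim)\w*Fees)\s*\(")


@dataclass(frozen=True)
class Reference:
    url: str
    repo: str   # "owner/name"
    ref: str    # branch, tag or commit SHA exactly as written in the URL
    path: str

    @property
    def pinned(self) -> bool:
        """True only when the ref is a full commit SHA (content cannot change)."""
        return bool(COMMIT_SHA_RE.match(self.ref))


@dataclass(frozen=True)
class Finding:
    code: str
    severity: str
    message: str


def extract_references(text: str) -> list[Reference]:
    """Every raw GitHub URL the skill asks the agent to fetch, in document order."""
    return [
        Reference(url=m.group(0), repo=f"{m.group(1)}/{m.group(2)}",
                  ref=m.group(3), path=m.group(4))
        for m in RAW_GH_RE.finditer(text)
    ]


def find_money_functions(text: str) -> list[str]:
    """Sorted, de-duplicated fee-moving function names that appear with a call."""
    return sorted(set(MONEY_FUNC_RE.findall(text)))


def audit_skill(text: str) -> list[Finding]:
    """Apply the W011 (third-party content) and W009 (money access) checks."""
    findings: list[Finding] = []
    refs = extract_references(text)
    if refs:
        unpinned = [r for r in refs if not r.pinned]
        detail = "; ".join(f"{r.repo}@{r.ref}:{r.path}" for r in unpinned) or "all pinned"
        findings.append(Finding(
            "W011", "MEDIUM",
            f"{len(refs)} third-party raw GitHub reference(s), "
            f"{len(unpinned)} not pinned to a commit SHA ({detail})"))
    funcs = find_money_functions(text)
    if funcs:
        findings.append(Finding(
            "W009", "MEDIUM",
            "fund-moving functions referenced: " + ", ".join(funcs)))
    return findings


if __name__ == "__main__":
    for f in audit_skill(SAMPLE_SKILL_MD):
        print(f"{f.severity} {f.code}: {f.message}")
```

Run against the sample, the script reports the FeesManager.sol link as unpinned (it points at the main branch, so its content can change under the agent) while the Airlock.sol link is pinned, and lists the two fee-moving calls. Pinning every reference to a commit SHA removes the mutability half of W011; it does not remove the need to treat fetched code as data rather than instructions.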
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 4, 2026, 09:08 AM