fee-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs using the public "Doppler deployments" GitHub repo as the contract source of truth (https://github.com/whetstoneresearch/doppler/tree/main/deployments) and the references include raw.githubusercontent.com links to source files, meaning the agent is expected to read public, untrusted third-party content that can materially influence its decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about on-chain fee collection, distribution, and payout configuration for specific smart contracts (Airlock, FeesManager, locker modules, RehypeDopplerHookInitializer). It names concrete transaction-facing functions such as collectProtocolFees(...), collectIntegratorFees(...), collectFees(asset), and claimAirlockOwnerFees(asset), and instructs reconciling balances "before and after claims on-chain." These are specific crypto/blockchain financial operations (claiming/sending funds), not generic tooling, so it grants direct financial execution capability.