pda-dynamic
Warn
Audited by Snyk on Mar 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent (SKILL.md: "Source References: Use Doppler deployments https://github.com/whetstoneresearch/doppler/tree/main/deployments as the contract source of truth") to consult a public GitHub deployments repository, meaning the agent is expected to fetch and interpret public, user-maintained content (deployed addresses and revisions) that can materially influence its decisions and actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about on-chain token sales and auction mechanics: it references the Doppler smart contract (src/initializers/Doppler.sol), token quantities and proceeds, beneficiary addresses, auction exit paths (proceeds and refunds), and operational tooling (Foundry: forge and cast, plus an RPC endpoint). This is a domain-specific crypto/blockchain financial capability intended to manage and execute token sales (moving funds and proceeds on-chain), not a generic tool. It therefore enables direct financial execution.
Audit Metadata