pda-dynamic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md explicitly directs the agent to "Use Doppler deployments (https://github.com/whetstoneresearch/doppler/tree/main/deployments) as the contract source of truth" and multiple reference files link to raw.githubusercontent.com, indicating the agent is expected to fetch and interpret public GitHub/raw content that can materially influence decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about on-chain token sale/auction mechanics: decoding init config (tokens to sell, proceeds bounds), epoch rebalancing and swap-triggering logic, exit paths based on proceeds, beneficiary fee setup and allocations, references to deployed contract addresses (Doppler.sol), and Foundry (forge/cast) plus RPC endpoints. These are specific crypto/blockchain financial operations (selling tokens, handling proceeds, wiring post-auction liquidity/beneficiaries), not generic tooling, and therefore constitute direct financial execution capability.