pda-static

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly directs users/agents to "Use Doppler deployments" (https://github.com/whetstoneresearch/doppler/tree/main/deployments) and embeds numerous raw.githubusercontent.com source links in required workflow files (e.g., references/FLOW.md) as the contract "source of truth," which indicates the agent is expected to read/interpret public GitHub content that could influence decisions (addresses, initialization logic) at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about DeFi auction mechanics on Uniswap v3: it names contract entrypoints and workflows that perform on-chain actions (e.g., "Initialize positions" via Airlock, "exitLiquidity", and "beneficiary fee collection") and references UniswapV3 contract components. Those are specific blockchain/crypto transaction operations that can move funds or collect fees, so this is direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 07:36 PM