rehype

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and interpret raw source files from public GitHub (see SKILL.md "Source References" with curl and references/CONFIGURATION.md linking to raw.githubusercontent.com), meaning untrusted third-party content is read and could materially influence contract calls/deployments.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly directs runtime fetching of raw GitHub source (e.g., https://raw.githubusercontent.com/whetstoneresearch/doppler/988dab4/src/dopplerHooks/RehypeDopplerHook.sol via curl) to include code citations, so external content can be pulled at runtime and directly influence agent context/instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to operate on on-chain fee flows and perform state-changing financial actions. It documents specific contract functions and deployment steps that move or reallocate funds: setFeeDistribution(...) (updates fee splits), RehypeDopplerHook.collectFees(asset) (transfers accumulated beneficiary fees to buybackDst), RehypeDopplerHook.claimAirlockOwnerFees(asset) (claims/transfers the 5% protocol fee), and running deployment scripts with forge --broadcast (which sends transactions). The prerequisites explicitly require access to Airlock + DopplerHookInitializer and an RPC for deployments/simulations, indicating intended on-chain mutation of funds. These are specific payment/fee-transfer operations (not generic tooling), so this skill grants direct financial execution authority.