rehypothecation-hook

Warn

Audited by Snyk on Mar 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to use the public "Doppler deployments" GitHub repo as the contract source of truth (https://github.com/whetstoneresearch/doppler/tree/main/deployments) and references a raw.githubusercontent.com source in references/CONFIGURATION.md, so the agent is expected to fetch and act on untrusted public repository content that can change addresses/behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly describes on-chain financial operations: calling contract methods like setFeeDistribution(...), collectFees(asset), and claimAirlockOwnerFees(asset) and requires specific signers (buybackDst, airlock.owner()). It references concrete smart-contract sources and deployed addresses, and its primary purpose is to perform fee distribution/claim and buyback-related actions — i.e., signing and executing crypto transactions. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category for Direct Financial Execution.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 07:36 PM