superfluid

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs using live, public third‑party sources (e.g., subgraph endpoints at https://subgraph-endpoints.superfluid.dev, API services like https://superapi.kazpi.com and https://cms.superfluid.pro, and running cast call/scripts for on‑chain reads) as part of its runtime workflow, meaning the agent will fetch and act on untrusted public content that can influence tool use and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly centered on on-chain token operations and exposes contract-level actions that move crypto value: creating/updating/deleting streams (CFA), distributing to pools (GDA), SuperToken wrap/unwrap/upgrade/downgrade, deploy tokens, BatchLiquidator/TOGA liquidations, staking/lock/unlock/claim, and low-level Host.callAgreement()/batchCall(). It documents forwarders (CFAv1Forwarder, GDAv1Forwarder), MacroForwarder.runMacro() for atomic multi-step transactions, and EIP‑712 clear signing / relaying / gasless transaction patterns. These are concrete, purpose-built APIs/functions to send/schedule/automate token transfers and sign transactions — i.e., direct financial execution capability.