flare-fassets
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill actively fetches and ingests untrusted, user-provided third-party data (e.g., FDC attestation/proof and XRPL memo/payment bytes) as part of its required minting workflow — for example scripts/execute-minting.ts calls VERIFIER_URL_TESTNET and COSTON2_DA_LAYER_URL to obtain FDC proofs used by AssetManager.executeMinting(), and SKILL.md explicitly describes XRPL payment references and attestation payloads as externally provided inputs that drive on-chain actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about FAssets minting, redemption, and direct-minting flows and documents concrete contract APIs and payable operations that perform value transfers: e.g. executeMinting, executeDirectMinting, redeem / redeemWithTag, reserveCollateral, IMintingTagManager.reserve (payable), token approve, Core Vault payment flows, and referenced scripts that can broadcast when DRY_RUN=false. Although the SKILL claims it will not sign or broadcast transactions itself, its primary scope is developer-facing financial operations and it documents the exact blockchain functions and flows used to move funds. Under the decision logic ("Is this tool's primary and explicit definition to move money?"), this skill is specifically designed for crypto financial execution.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata