flare-fdc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs using Web2Json to fetch arbitrary public Web2 URLs and to POST to verifier and DA Layer endpoints to retrieve externally provided attestation responses/proofs (see "External data handling", "Web2Json Quick Reference", and the workflow steps), meaning the agent/dev flow consumes untrusted third‑party content that can materially influence verification and downstream actions.