polygon-defi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches pool data from the public Trails API (https://trails-api.sequence.app/rpc/Trails/GetEarnPools) and resolves depositAddress/pool info at runtime to choose where to deposit funds, so external untrusted API responses can directly influence transaction decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes — the skill is explicitly built to move crypto funds. It documents a Polygon DeFi CLI with commands that perform token swaps, cross‑chain bridges, deposits into Aave/Morpho vaults, and withdrawals. Execution is explicit (dry-run by default, but the --broadcast flag sends transactions), and it includes wallet/session management and contract whitelisting (wallet create --contract) as well as the two‑tx ERC‑20 approve + deposit flow. These are direct blockchain transaction/signing actions (crypto wallet operations), not generic tooling, so it grants direct financial execution authority.