aeon-defi-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly lists public third‑party data sources (Sources: DefiLlama api.llama.fi + yields.llama.fi and on‑chain data via external RPC/Quicknode/Alchemy) which the agent ingests to compute alerts and produce Bankr Submit payloads, so untrusted external content can materially influence its decisions and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for DeFi financial operations and produces actionable transaction payloads. It pairs with a Bankr "Submit" execution hook and includes ready-to-paste Submit commands such as "deposit 1000 USDC into aerodrome-base ... via Aerodrome router" and "withdraw position from aave-v3-base USDC market ...". It also references on-chain RPC providers (Quicknode/Alchemy, Bankr-compatible RPC) and per-type actions (deposits/withdrawals, swaps) that are transaction-level operations. Even though it says "read-only by default" and "execution requires explicit operator input," the primary and explicit definition is to monitor DeFi positions and generate executable transaction instructions — i.e., it facilitates sending blockchain transactions. That meets the rule for Direct Financial Execution (crypto/blockchain transaction capability).