curve-gauge-yield-trader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime (scripts/agent.py) calls external Seren publisher endpoints — notably the curve-finance /getGauges endpoint (fetch_top_gauges) and the publisher catalog /publishers (rpc discovery) — and directly ingests that third-party data to choose gauges, build trade plans, resolve RPCs, estimate and execute transactions, so untrusted publisher content can materially change agent decisions and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations. It builds, signs, and submits EVM transactions (execute_liquidity_trade -> signs locally and submits with eth_sendRawTransaction), supports local private-key wallets and Ledger signer mode, includes live_mode/--yes-live safeguards but allows real fund usage, exposes custom_tx fields (to, data, value_wei), requires RPC publishers and SEREN_API_KEY, and can be scheduled to run live via seren-cron. These are concrete crypto/blockchain wallet and transaction execution capabilities intended to move funds.