@2061/yield-optimizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests real-time, public data from third-party endpoints (e.g., DeFi Llama at https://yields.llama.fi/pools as shown in scripts/scan_pools.py and the SKILL.md notes about Morpho GraphQL and the Pendle SDK), and that external data is read and used to decide routing, deposits, and rebalancing—meaning untrusted third-party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to move money on-chain. It includes wallet integration (MetaMask, Rabby), programmatic execution flows for deposits and withdrawals, and concrete contract/API calls (e.g., pool.supply(...), vault.deposit(...), comet.supply(...), router.swapExactTokenForPt()). It also describes an /api/deposit and /api/withdraw endpoints, bridging, and prerequisites to load a wallet policy before on-chain ops. These are specific crypto/blockchain transaction capabilities (wallet signing, swaps, deposits) — not generic tooling — so it grants direct financial execution authority.