zerion-analyze

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's commands (e.g., "zerion analyze <address|name>" and "zerion history <address|name>") explicitly fetch portfolio, positions and transaction history for arbitrary public addresses/ENS names via the Zerion CLI, meaning it ingests public/user-generated on-chain and token metadata from third-party sources that could contain attacker-controlled content and influence agent analysis or follow-up actions.