zerion-lifi-earn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches vault data from the public LI.FI Earn API (GET https://earn.li.fi/v1/vaults) and instructs the agent to read and use those results (vault addresses, APY, isTransactional) to build routes and call executeRoute, so untrusted third-party content can directly influence transaction-building and execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to move crypto funds. It documents using the LI.FI Earn API and LI.FI SDK to discover vaults and then deposit into them, including cross-chain flows. Key explicit execution capabilities: executeRoute(route) (SDK method that orchestrates allowances, signatures, bridge steps and transactions), raw endpoints that return signable quotes/routes, and CLI commands like zerion wallet fund to fund the agent wallet and zerion portfolio/analyze to verify post-deposit positions. This is a purpose-built crypto/DeFi execution tool (wallet funding, transaction orchestration, bridging, and depositing into vaults), not a generic API caller or browser automation.