zerion-monad-addresses
Warn
Audited by Snyk on May 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch token and protocol data from public, community-maintained repos (e.g., https://raw.githubusercontent.com/monad-crypto/token-list/... and https://raw.githubusercontent.com/monad-crypto/protocols/...), and to use those untrusted addresses when executing zerion swap/bridge/send commands, so third‑party content can directly influence transactional actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for on-chain financial operations. It provides canonical token and protocol contract addresses and concrete Zerion CLI commands to execute value-moving actions: zerion swap, zerion bridge, zerion send, and zerion sign-typed-data (Permit2 signing). It also documents agent token/policy creation and requires a Zerion API key. These are specific crypto/blockchain transaction capabilities (wallet transfers, swaps, bridging, and signing), not generic tooling, and therefore grant direct financial execution authority.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).