zerion-somnia-reactivity

Warn

Audited by Snyk on May 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The SKILL.md clearly shows the agent subscribing to public Somnia Testnet events via the WebSocket RPC (wss://api.infra.testnet.somnia.network) and using onData callbacks (see "Off-Chain Subscriptions" and "Using with Zerion CLI") to read event payloads and trigger CLI actions (execSync → zerion), so untrusted on-chain event data can directly influence agent decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes crypto financial execution capabilities. It documents creating wallet/session clients (seed = private key equivalent) and SDK wallet clients for on-chain writes, and gives concrete examples that automatically execute token swaps via Zerion CLI (e.g., execSync("zerion swap usdc somi 100 --chain somnia")), scheduled DCA triggering swaps, and reactive protective swaps. These are explicit patterns for signing and sending crypto transactions / market orders (swaps), not just generic tooling. Therefore it grants direct financial execution authority.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 13, 2026, 09:33 PM
Issues: 2