zerion-uniswap-lp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to run Zerion CLI commands (zerion positions / zerion pnl / zerion portfolio) which fetch public wallet and portfolio data from the third-party Zerion API for arbitrary addresses, and that data is read and used to decide LP sizing and next actions, so untrusted third-party content can materially influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes crypto financial operations: Zerion CLI commands to inspect portfolio/pnl and a zerion bridge command with signature that moves tokens across chains. It also describes deploying capital to Uniswap LPs via the /liquidity-planner and requires a Zerion API key. Those are specific blockchain/crypto actions (moving funds, preparing/deploying liquidity) — not generic tooling — so this grants direct financial execution capability.