zerion-vaultsfyi-rebalance

Warn

Audited by Snyk on May 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill explicitly ingests and acts on data from the public vaults.fyi MCP (https://mcp.vaults.fyi/mcp) via calls such as position_details, vault_details, transaction_context, build_vault_tx and vaults_search, and uses the returned flags, timing and instructions to decide whether to stop, require confirmation, or construct and execute transactions. Untrusted third-party content can therefore materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly and primarily designed to move crypto assets between DeFi vaults. It references and requires crypto-specific tools and actions: Zerion CLI commands (zerion swap, zerion bridge, zerion portfolio/positions), vaults.fyi MCP methods that build vault transactions (build_vault_tx with redeem/deposit actions, transaction_context), and transaction lifecycle actions (submit_tx_hash, get_transaction_status). It orchestrates swaps and cross-chain bridges, constructs unsigned blockchain transactions for withdrawals and deposits, and tracks the signing and broadcasting flows. These are direct crypto/blockchain financial execution capabilities (swaps, bridging, transaction construction and submission), so the skill meets the "Direct Financial Execution" criterion.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 13, 2026, 09:33 PM
Issues: 2