zerion-vaultsfyi-watchlist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly ingests live data from external, public services (Zerion CLI/API and the vaults.fyi MCP endpoints such as https://mcp.vaults.fyi/mcp — e.g., positions, wallet_balances, rewards, benchmark_apy, vaults_search) and the agent is expected to read and act on that untrusted third‑party wallet/vault data to make monitoring and recommendation decisions.