zerion-vaultsfyi-yield-optimizer

Warn

Audited by Snyk on May 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly calls external public APIs—e.g., the vaults.fyi MCP ("https://mcp.vaults.fyi/mcp") for positions, wallet_balances, rewards, vaults_search, and Zerion's CLI/API ("zerion analyze ")—and the agent is expected to read and act on that untrusted third-party data to make recommendations and drive follow-up actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes transaction-level crypto commands and workflows to move assets. It references Zerion CLI usage with an API key and shows concrete commands to perform swaps and bridges (zerion swap ...; zerion bridge ...). It also surfaces claimable rewards and includes related skills for executing swaps/bridges and deposits. These are specific crypto/blockchain execution capabilities (sending transactions, swapping, bridging, depositing), so the skill grants direct financial execution authority.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 13, 2026, 09:33 PM
Issues: 2