hermetica-yield-rotator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly fetches live data from public third‑party APIs (e.g., Bitflow at https://bff.bitflowapis.finance via fetchHodlmmPool/fetchHodlmmActiveBin/fetchHodlmmPosition and Hiro at https://api.mainnet.hiro.so via callReadOnly/fetchUserBalances) and the agent must read and act on those responses to decide rotations and emit MCP commands, so untrusted external content can materially influence tool use and next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly designed to move funds on-chain. It queries on-chain contracts and, in write mode, outputs MCP commands to perform staking, initiate-unstake, complete-unstake, token swaps, and add/remove liquidity on Bitflow HODLMM (e.g., bitflow_swap, bitflow_hodlmm_add_liquidity, bitflow_hodlmm_remove_liquidity). It accepts wallet addresses and a --confirm flag to execute actions such as --action=stake, --action=initiate-unstake, --action=complete-unstake, and --action=rotate, and includes an autonomous spend cap and balance checks. These are specific payment/crypto execution operations (cross-protocol token swaps and staking/unstaking) — not generic tooling — so it grants direct financial execution authority.