zest-asset-deposit-primitive

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and programmatically interprets public on-chain and contract data from HIRO_API (e.g., https://api.hiro.so/v2/contracts/interface/... and extended/v1/... and read-only contract calls via fetchCallReadOnlyFunction), and those untrusted, user-created blockchain/contract responses directly influence blocking/allowing, transaction construction, and broadcast decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto financial write primitive: it performs an on-chain "deposit" by calling v0-4-market.supply-collateral-add, constructs and broadcasts a signed transaction, verifies signer address and wallet balance, enforces postconditions, and explicitly states "This is a write skill and can move funds" and that run refuses to broadcast without --confirm=DEPOSIT. This is a specific blockchain/crypto money-moving capability (wallet signing, asset transfers, collateral deposits), not a generic tool, so it meets the Direct Financial Execution criteria.