defi-protocols
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and interpret data from public third-party APIs (e.g., Etherscan API endpoints like /api?module=account&action=balance and The Graph subgraph GET https://api.thegraph.com/subgraphs/name/aave/protocol-v2) and to use that data to drive contract interactions and decisions, exposing it to untrusted external content that could influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for on-chain financial operations. It describes interacting with smart contracts using Web3/Ethers, reading and writing state, managing ERC-20/ERC-721 tokens (including transfers and approvals), performing lending/borrowing via Aave/Compound, and sending transactions (examples: contract.methods.transfer(...).send({ from: walletAddress }), await contract.methods.borrow().send()). It includes deployment and signing contexts that use private keys/accounts (e.g., networks.accounts: [process.env.PRIVATE_KEY]) and integration with wallets/signers (MetaMask). These are explicit crypto/blockchain transaction and wallet signing capabilities (directly able to move funds), so it meets the definition of Direct Financial Execution.
Audit Metadata