hydrex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse live data from public Hydrex APIs (e.g., https://api.hydrex.fi/strategies and https://incentives-api.hydrex.fi/campaigns/proofs) as described in SKILL.md and uses those untrusted responses to compute efficiencies and build/execute voting and claim transactions, so third‑party content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is expressly designed to perform on-chain financial actions on the Base network: locking HYDX (creating veHYDX positions), depositing single-sided liquidity into auto-managed vaults, executing votes via a voter contract, claiming oHYDX rewards, and exercising oHYDX into veHYDX (including a discounted ETH payment). It even states "Uses Bankr for transaction execution" and names contract addresses and an explicit "Execute vote via voter contract" step. These are specific crypto/blockchain transaction operations (wallet signing / sending txs), so this grants direct financial execution capability.