bridging

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md includes a runtime workflow using the LI.FI SDK (getQuote / executeRoute) and lists many external bridge URLs (e.g., https://v2.app.squidrouter.com, https://layerzero.network, https://superbridge.app) which the skill would fetch/ingest from public third-party services and then use those responses to decide and execute bridging routes, so third-party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to move crypto assets across chains. It includes concrete blockchain tooling and code to perform transactions: walletClient.createWalletClient/custom transport, walletClient.writeContract calling wrapAndBridge with a value (parseEther(amount)) which sends funds and signs a transaction, explicit bridge contract addresses, and LI.FI SDK calls (getQuote and executeRoute) to execute cross-chain swaps/bridges. These are specific crypto transaction APIs (wallet signing + transaction submission) and therefore constitute direct financial execution capability.