emblem-defi-yield

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs the agent to call third-party market/analytics endpoints (e.g., birdeyeTrendingTokens, nansen_defi_portfolio, nansen_smart_money_holdings) to fetch public token/trending and wallet data which the agent is expected to read and use to make swap/strategy decisions, exposing it to untrusted external content that can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides crypto transaction and swap tooling to move value. It names and documents functions/commands that perform on-chain token swaps and liquid staking (e.g., splBuyIntent, ethSwap, baseSwap, bscSwap, polygonSwap, hederaTokensSwap) and shows example commands like "Swap 5 SOL for JitoSOL" and "Use splBuyIntent to swap 10 SOL for mSOL". It also advertises entering liquid staking via token swaps across multiple chains and lists conditional orders and balance-checking plus execution workflows. These are specific, purpose-built capabilities to send transactions and change asset holdings (i.e., move money), not generic browser or HTTP tools. Therefore it grants Direct Financial Execution Authority.