grimoire-pendle

Warn

Audited by Snyk on Apr 3, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md Authoring Workflow explicitly requires calling the public Pendle API via commands like grimoire venue pendle markets and grimoire venue pendle market-tokens (default base URL https://api-v2.pendle.finance/core), whose responses are read and used to select token addresses and routing decisions that directly affect adapter behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill documents explicit Pendle protocol actions (swap, add_liquidity, mint_py, redeem_py, mint_sy, redeem_sy) and shows example spell syntax (e.g., pendle.add_liquidity(...), pendle.swap(...)) that are clearly for on-chain token swaps/liquidity operations. These are specific crypto/blockchain financial operations (swaps/liquidity/mint/redeem) — not generic tooling — so the skill provides direct financial execution capabilities.


Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 3, 2026, 03:26 PM
Issues: 2