glend
Warn
Audited by Snyk on Mar 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly reads live, public on-chain data via publicClient.readContract against public RPC endpoints (e.g., the configured RPC URLs such as https://testnet.dplabs-internal.com and https://eth.llamarpc.com). Functions such as getUserAccountData and getReserveData in SKILL.md consume and interpret this untrusted, user-generated blockchain content to make borrowing, repayment, and transaction decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for on-chain financial operations. It requires an AGENT_PRIVATE_KEY and provides viem walletClient code that calls contract write functions (supply, borrow, repay, withdraw, mint, approve, mint/borrow/repay on gToken/tToken, enterMarkets, etc.). These are concrete crypto/blockchain transaction APIs that move funds and manage loans on EVM chains (including faucet minting, ERC-20 approvals, and transaction submission). Under the core rule, this is a specific tool for executing financial transactions on-chain, so it grants direct financial execution authority.
Audit Metadata