gmx-liquidity
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md "Reading Pool Data (SDK)" and "Reading Pool Data (REST / GraphQL)") instructs the agent to fetch market/pool data from public third-party endpoints (e.g., https://arbitrum-api.gmxinfra.io and https://gmx.squids.live/...) and to use those results to compute fees, select pools, and drive contract calls, so untrusted external content can materially influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to move crypto assets. It documents contract-level write flows (ExchangeRouter.multicall, GlvRouter.multicall), token approvals, sending native token execution fees, and concrete functions that create on-chain deposits, withdrawals, shifts, and GLV deposits/withdrawals (e.g., sendTokens, sendWnt, createDeposit, createWithdrawal, createShift, createGlvDeposit). It also shows calling walletClient.writeContract with specific router addresses and values. Because these actions deposit, withdraw, and move tokens on-chain and pay execution fees, the skill has a direct financial execution capability.
Audit Metadata