krystal-defi-api

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and reference docs instruct the agent to fetch runtime data from the public Krystal API (https://api.krystal.app endpoints such as /all/v1/lp_transaction/swap_and_mint and /all/v1/lp_transaction/withdraw_and_swap) and to read the returned txData, which the agent is expected to sign and send with a web3 provider. Untrusted third-party responses can therefore directly determine the transactions the agent acts on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly exposes DeFi transaction-building and wallet operations. It provides endpoints like "Zap In", "Zap Out", "Swap and Increase", "Compound", and "Adjust Range" that build txData for on-chain actions (adding/removing liquidity, swapping, claiming fees, compounding). The instructions explicitly state to "Sign and send txData using a web3 provider" and include parameters like liquidityPercent, amountIn, fundFromOwner, isVault, etc. This is a purpose-built crypto/blockchain financial execution API (constructing and sending transactions that move funds across multiple chains), so it grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 04:30 PM