farming-planner
Warn
Audited by Snyk on Mar 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflows (Method A/B and Syrup Pool scripts) explicitly curl and parse live data from public third-party APIs — e.g., explorer.pancakeswap.com, infinity.pancakeswap.com, configs.pancakeswap.com, api.coingecko.com and api.dexscreener.com — and directly use that untrusted external content to compute APRs, build recommendations, and choose deep links, so external content can materially influence agent decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The included runtime Python scripts auto-install the 'requests' package (via subprocess.check_call([...,'pip','install','requests']) and os.system('pip install requests -q')), which causes pip to fetch and execute remote code from PyPI (e.g. https://pypi.org) at runtime, making it a required external dependency that executes fetched code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly about interacting with crypto yield-farming on PancakeSwap and includes concrete, specific on-chain transaction examples and contract calls. It contains "cast send" CLI commands with contract addresses and functions that perform deposits, withdrawals, harvests, approvals, NFT transfers, and Merkle-claim submissions (e.g., deposit(uint256,...), withdraw(...), harvest(...), approve(...), safeTransferFrom(...), claim(...)). Those are direct crypto/blockchain transaction operations (wallet interactions / moving tokens), so the skill provides explicit, actionable financial execution capability despite also offering deep links and UI guidance.
Issues (3)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata