lifi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) instructs the agent to query live LI.FI public APIs (e.g., https://li.quest/v1 endpoints such as GET /quote, POST /advanced/routes, and /status) and to read/interpret returned route/transactionRequest data that directly determines execution or routing decisions, exposing the agent to untrusted third-party responses that could influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The LI.FI skill is explicitly designed to perform cryptocurrency transfers and swaps: it exposes endpoints and SDK functions that return ready-to-sign executable transaction data (GET /quote, POST /advanced/stepTransaction), guides signing and submission of transactions, and provides SDK methods like executeRoute and wallet/provider adapters (EVM, Solana, KeypairWalletAdapter) including examples using private keys and wallet clients. These are direct crypto financial execution capabilities (wallet signing, sending transactions, cross-chain bridging/swaps), so it grants direct financial execution authority.