@1247/yield-optimizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches real-time pool data from the public DeFi Llama Yields API (https://yields.llama.fi/pools), as shown in SKILL.md ("Data source: DeFi Llama Yields API") and scripts/scan_pools.py (DEFILLAMA_YIELDS), and it directly reads and acts on that third‑party data to rank opportunities and drive deposit/rehbalancing decisions, so untrusted external content can materially affect tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to manage and move crypto funds. It describes autonomous USDC yield optimization and concrete execution steps: checking wallet balances, approving USDC, supplying to Aave V3 via contract addresses, executing deposits/withdrawals, bridging USDC across chains, and scheduled rebalances that perform withdraw → bridge → deposit. It integrates with a "wallet" skill for transaction execution and a bridge skill for cross-chain transfers. These are specific crypto wallet/transaction operations (signing/sending on-chain transactions), not generic tooling, so it grants direct financial execution capability.