ethena

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches live data from public third-party sources (DefiLlama via DEFILLAMA_CHART_URL/DEFILLAMA_POOLS_URL and an external RPC at RPC_URL in exports.py), and SKILL.md explicitly requires calling ethena_apy()/ethena_rate() so the agent parses that untrusted external JSON/chain responses (APY, rate, cooldown_seconds) which directly influence on-chain decisions and action sequencing.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a protocol integration for staking/unstaking the USDe stablecoin (sUSDe) and includes dedicated finance-specific tools: ethena_stake, ethena_cooldown_start, ethena_unstake, ethena_balance, ethena_rate, and ethena_apy. These native tools return unsigned on-chain calldata (approve/deposit/cooldown/unstake txs) and the documentation instructs signing and broadcasting via wallet_sign_transaction to execute the transactions. The examples show end-to-end flows that create, sign, and broadcast transactions that move tokens on-chain. This is a purpose-built financial execution integration (blockchain wallet transactions), not a generic API or browser automation, so it grants direct financial execution capability.