defi
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly queries and ingests data from public third‑party APIs (e.g., CoinGecko, DefiLlama, 1inch, Jupiter, LI.FI as shown in Quick Commands and Example Interactions) and uses those responses to generate quotes, price impact warnings, and transaction data that directly influence actions, so untrusted third‑party content can materially change the agent's behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform crypto financial operations: it includes concrete swap and bridge integrations (1inch for EVM swaps, Jupiter for Solana swaps, LI.FI for cross-chain bridging), examples of API calls to obtain quotes and construct swap/bridge transactions, RPC calls to check wallet balances, and example flows that "return transaction data for signing." These are specific crypto/blockchain execution capabilities (swaps, bridging, transaction creation/signing), not generic tooling. The skill therefore grants direct financial execution capability.