lista-lending

Fail

Audited by Snyk on Mar 13, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's agent-run command examples and required flags (e.g., --wallet-topic, RPC URL with ) instruct the agent to include session topics/API keys as command-line arguments or in requests, which requires the LLM to handle and potentially emit secret values verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill autonomously fetches live data from public Lista APIs and blockchain RPC endpoints (e.g., sdk.getMarketList / sdk.getVaultList / sdk.getHoldings in dist/api/market.js and dist/api/vault.js, and public RPC URLs in dist/cli/cli.bundle.mjs CONFIG/DEFAULT_RPCS), and that untrusted third‑party data is used to build selections and transaction parameters that drive subsequent tool execution, so external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for on-chain lending operations and includes commands that build and send transactions: deposit, withdraw, supply, borrow (execute), repay (execute), and market-withdraw. It requires wallet-topic/wallet-address, delegates transaction execution to lista-wallet-connect (which simulates and requests wallet signatures via a "call" command), and enforces signing/consent flows. This is a domain-specific crypto/blockchain financial execution tool (lending vault/market operations), so it grants direct financial execution capability.

Issues (3)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 13, 2026, 01:16 PM
Issues: 3