defi-protocol-interaction

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and consumes JSON from the public DeFi Llama API (https://api.llama.fi) in scripts/defi_tvl.py (and is documented in SKILL.md under defi_tvl), and that untrusted third‑party data (name/description/TVL/APY) is parsed and used to produce recommendations and outputs that can materially influence decisions, creating potential for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto financial operations: it targets decentralized exchanges and lending protocols (Uniswap, Aave, Compound, etc.), provides contract addresses, swap quote tooling, position queries, and guidance for executing swaps, adding liquidity, and managing lending/borrowing (health factor, liquidation risk). These are specific DeFi actions that enable token swaps, lending/borrowing and other on‑chain value movements (crypto swaps and protocol interactions), so it grants direct financial execution capability in the crypto domain.