yo-protocol-cli
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's required workflows (e.g., yo read, which mandates an RPC via --rpc-url, and the yo api commands that call the public Yo REST API at https://api.yo.xyz) ingest external, publicly-hosted responses which the agent parses to build unsigned transaction calldata (e.g., decimals, allowances, exchange rates), so those third-party responses can materially influence subsequent tool use and actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a crypto/blockchain transaction builder for ERC-4626 yield vaults. It provides specific commands to build unsigned transaction calldata for financial actions: yo prepare deposit (builds gateway deposit transactions), yo prepare redeem (builds redeem transactions), yo prepare approve (builds ERC-20 approve transactions), plus read commands for allowances, balances, and previewing deposit/redeem amounts. It is clearly designed for on-chain fund movement (agent-first tooling for Safe/AA/Safe multisig integrations) rather than a generic tool. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category of direct financial execution capability.
Audit Metadata