zerion

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow calls the Zerion API/CLI to fetch live public data (e.g., "zerion portfolio " and "Use zerion chains for the live catalog with metadata") which ingests third‑party, user-controllable on‑chain and token metadata that the agent will read and could materially influence trading/analysis actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a crypto wallet API/CLI explicitly built for on-chain financial operations. It defines commands for "swap", "bridge", and "send" tokens, references trading commands that require an API key and agent token, and includes wallet management (create/import/list/backup/delete) and agent-token/policy setup for autonomous trading. These are specific, finance-native capabilities (wallet management, signing/broadcasting transactions, swapping/bridging assets) intended to move value on-chain, not generic tooling.