zonein

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill fetches live, user-generated trading signals, market titles, and trader profiles from the third-party API at https://mcp.zonein.xyz/api/v1 (used by Polymarket/HyperLiquid) — as shown in SKILL.md and scripts (e.g., scripts/zonein.py, scripts/check_signals.py, scripts/track_trader.py) — and the agent consumes and acts on that data to generate signals, validate and create trading agents, run backtests, and potentially execute trades, so untrusted external content can materially influence decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly manages crypto trading agents and wallet funds via named commands that move or execute financial transactions. It includes commands to deposit/fund/bridge funds (agent-deposit, agent-fund -> returns tx_hash/amount), open and close market positions (agent-open, agent-close), withdraw funds to user wallets (agent-withdraw --to 0x...), deploy/enable agents to start trading (agent-deploy, agent-enable), and check/transfer balances. These are specific, purpose-built financial operations (crypto trading, bridging, withdrawals) — not generic tooling. Although a --confirm gate is required, the skill clearly provides Direct Financial Execution capabilities.