uniswap-v4-lp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly reads public, third‑party blockchain data and contract code via public RPC endpoints (e.g., publicClient.readContract and publicClient.getCode calls in scripts like add-liquidity.mjs, add-to-position.mjs, auto-compound.mjs and airdrop.mjs against BASE_RPC_URL/mainnet.base.org), and those untrusted on‑chain values are interpreted to make transaction/automation decisions (liquidity, swaps, compound/harvest), so external content can materially influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly performs blockchain financial operations: it requires a private key, signs and sends transactions (add/remove liquidity, DECREASE/INCREASE_LIQUIDITY, collect fees, claim from a fee contract), performs token swaps via Uniswap V3 SwapRouter02, and transfers harvested USDC to specified addresses. These are direct crypto/transaction execution capabilities (wallet management, swaps, transfers, contract calls), not generic utilities. Therefore it grants Direct Financial Execution Authority.