trading-on-uniswap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and use public DexScreener data (see "DexScreener for Price Discovery" with the curl to https://api.dexscreener.com/...) as a discovery surface, and that external, untrusted JSON is read and used to influence on-chain routing/price decisions and subsequent transaction actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading/execution tool. It provides concrete CLI commands and ABIs to perform token swaps, approvals, liquidity operations, quotes, and on-chain transaction broadcasts (e.g., agw contract write --execute, agw tx calls with raw calldata, approve + swap batching). It lists token addresses, router/quoter interactions (Uniswap V2/V3 functions like getAmountsOut, quoteExactInputSingle), and safety rules for amountOutMin, deadlines, and atomic execution. These are specific blockchain/crypto transaction APIs and wallet operations intended to move funds on-chain, not generic tooling.