jingswap-v2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches oracle prices and VAAs from a public JINGSWAP_API (default https://faktory-dao-backend.vercel.app — e.g. /api/auction/pyth-prices, /api/auction/pyth-vaas) and the agent uses those untrusted third‑party responses to drive decisions and to construct/submit settlement transactions (clearing-preview, prices, close-and-settle), so remote content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for on-chain token swaps and account operations: it defines a specific Stacks contract, markets, and CLI commands that perform deposits of STX and sBTC (deposit-stx, deposit-sbtc), update on-chain limits (set-stx-limit, set-sbtc-limit), cancel deposits for refund (cancel-stx, cancel-sbtc), and execute an atomic settlement transaction (close-and-settle). These are direct crypto/blockchain financial actions (wallet/transaction signing and swaps) rather than generic tooling. Under the rules (Crypto/Blockchain: Wallets, Swaps, Signing), this constitutes direct financial execution capability.