slippage

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's documentation and code show it consumes public market/orderbook data from third-party platforms (e.g., SKILL.md examples referencing "polymarket" and "uniswap" and index.ts calling createExecutionService().estimateSlippage), which the agent must read and use to make execution/optimization decisions, so untrusted user-generated market data could materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a trading tool: its API includes functions to optimize and execute orders (e.g., slippage.executeProtected, slippage.optimize, slippage.splitOrder, slippage.twapSchedule) and protection controls that cancel/retry executions (revertThreshold, retryOnRevert). It also includes crypto-specific DEX parameters (chain, dex, tokenIn/tokenOut) for swaps. These are specific financial-execution capabilities (placing/splitting/canceling market orders and DEX swaps), not generic utilities, so it grants direct financial execution authority.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Feb 20, 2026, 08:53 PM