xaut-trade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's limit-order workflow (SKILL.md and references/limit-order-*.md) and the runtime script skills/xaut-trade/scripts/limit-order.js explicitly fetch and parse responses from the public UniswapX API (apiUrl / api.uniswap.org) and use those responses (nonces, order status, orderHash, etc.) to build, sign, submit, and cancel orders—i.e., untrusted third‑party API content is read and directly influences tool actions and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a remote installer and package fetch during setup that executes code: "curl -L https://foundry.paradigm.xyz | bash" (Foundry installer) and runtime "npm install" (downloads from the npm registry / registry.npmjs.org) are required for cast and the limit-order scripts, so these URLs fetch-and-execute remote code at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill explicitly implements cryptocurrency trading functionality. It is specifically designed to execute on-chain swaps and limit orders for XAUT (Tether Gold) on Ethereum: it performs USDT→XAUT and XAUT→USDT market swaps via Uniswap V3, places/cancels/queries limit orders via UniswapX, runs on-chain write operations using Foundry cast send, handles ERC-20 approvals, derives signing keys from a keystore or PRIVATE_KEY, and returns transaction hashes. It also requires an UNISWAPX_API_KEY and connects to Ethereum RPC endpoints. These are concrete crypto/wallet/swap/transaction operations (not generic tooling), so this skill grants direct financial execution authority.