symbiosis
Warn
Audited by Snyk on Apr 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow and scripts (scripts/symbiosis-swap.py and scripts/symbiosis-quote.py) directly call the public Symbiosis API at https://api-v2.symbiosis.finance/crosschain/v1/swap and consume fields like "tx" and "approveTo" which are then used to construct and submit transactions via the Bankr Submit API, so untrusted third-party responses can materially alter the agent's actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The scripts call https://api-v2.symbiosis.finance/crosschain/v1/swap at runtime to fetch executable transaction calldata and approve addresses which the skill then submits via the Bankr API, so the fetched content directly controls code executed on-chain.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to move funds: it provides scripts to execute cross-chain token swaps/bridges (symbiosis-swap.py), automatically reads the user's Bankr API key and wallet address, performs ERC-20 approve and swap operations, and submits transactions via the Bankr Submit API (POST https://api.bankr.bot/agent/submit). This is a specific crypto/blockchain execution capability (wallet use, signing/submitting transactions, swapping tokens), not a generic tool. Therefore it grants direct financial execution authority.
Issues (3)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).