sns-launch

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs cloning and using the repository https://github.com/dfinity/sns-testing.git at runtime and relies on its tooling/scripts to deploy and initialize SNS canisters, meaning fetched remote code will be executed and is a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform a token swap and manage on-chain token transfers: it documents SNS swap canister behavior ("runs the decentralization swap (ICP for SNS tokens)"), references the ICP Ledger that "handles ICP token transfers during swap", includes swap-specific parameters (min/max participation, duration, vesting), and provides commands to interact with the swap and ledger canisters (e.g., checking swap state, total supply). These are specific crypto/blockchain financial operations (sending/receiving tokens as part of a swap), not generic tooling—so it grants direct financial execution capability.