optimizing-gas-fees

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill fetches and ingests live data from public third‑party sources (e.g., RPC endpoints and explorer APIs such as the Etherscan endpoints in scripts/gas_fetcher.py and the CoinGecko calls in scripts/cost_estimator.py and config/settings.yaml), and those external values are read and used by the agent to compute recommendations and timing (e.g., in gas_optimizer.py and pattern_analyzer.py), so untrusted remote content can materially influence tool behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly focused on blockchain financial operations: it fetches gas from RPC endpoints, references an Etherscan API key, and lists specific crypto transaction operations (eth_transfer, erc20_transfer/approve, uniswap_v2/v3_swap, sushiswap_swap, curve_swap, bridge_deposit, aave/compound actions, nft_mint/transfer, etc.). These are domain-specific crypto/ blockchain functions (swaps/transfers/bridges) rather than a generic tool. Even though the described scripts estimate costs rather than submit transactions, the presence of explicit crypto transaction operation types and RPC access makes this a crypto-oriented financial execution capability per the rule criteria.