routing-dex-trades
Warn
Audited by Snyk on Mar 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches quotes from public third-party aggregator APIs (1inch, Paraswap, 0x) as shown in SKILL.md and implemented in scripts/quote_fetcher.py, and those external responses are parsed and directly drive routing, split, and MEV decisions (route_optimizer.py, split_calculator.py, mev_assessor.py), so untrusted external content can materially influence the agent's actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed for cryptocurrency trading: it integrates named DEX aggregator APIs (1inch, Paraswap, 0x), computes swap routes (including multi-hop and split orders), estimates gas and effective rates, and provides MEV/execution recommendations (Flashbots, CoW Swap). These are specific crypto/blockchain trading tools (swaps/route discovery and execution workflows) rather than generic utilities, and are directly tied to moving financial value on-chain. Therefore it grants Direct Financial Execution capability.