routing-dex-trades

Warn

Audited by Snyk on Mar 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's runtime explicitly fetches and ingests quotes from public aggregator APIs (1inch, Paraswap, 0x); see quote_fetcher.py and the SKILL.md/ARD.md instructions requiring network access to those aggregator APIs. The returned untrusted third-party responses are normalized and used to drive routing, split, and MEV decisions, so external content can materially influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trade routing/DEX aggregation tool that integrates with the 1inch, Paraswap, and 0x APIs to obtain swap quotes, compute multi-hop routes, split orders, and assess/prepare for MEV-protected execution. These are specific blockchain/crypto swap APIs (i.e., explicit crypto trading functionality), not a generic tool. The skill therefore constitutes a direct financial execution capability.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 26, 2026, 08:58 AM
  • Issues: 2