swap-execute-fast

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill directly fetches and parses untrusted third-party API responses (e.g., curl calls to https://aggregator-api.kyberswap.com and https://token-api.kyberswap.com in scripts/fast-swap.sh and SKILL.md) and uses that data to build, validate, and immediately broadcast transactions, so those external responses can materially influence tool decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime curl calls to https://aggregator-api.kyberswap.com (and https://token-api.kyberswap.com) to fetch route/build JSON whose returned tx.data and transaction fields are directly used and broadcast by the script (cast send), meaning remote service responses directly control what on-chain transaction is executed.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to build and broadcast blockchain swap transactions and manage signing methods (keystore, env/private key, Ledger/Trezor). It runs a script that immediately constructs and broadcasts a real on-chain transaction (producing txHash, explorerUrl, gas usage, etc.), uses PRIVATE_KEY or keystore, and manipulates wallet signing — all actions that directly move funds. This is a specific crypto execution tool (fast, no-confirmation swap), not a generic interface, so it grants direct financial execution authority.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 04:20 AM