swap-execute

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill queries and uses responses from public or user-specified RPC endpoints (see "Step 2: Determine RPC URL" and the cast call --rpc-url {RPC_URL} simulation in "Step 3b"), and those third-party RPC responses (including chain-id and simulation results) are parsed and used to decide whether and how to send transactions, so a malicious/untrusted RPC could materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute on-chain asset swaps and broadcast transactions. It uses Foundry's cast send to submit transactions, includes RPC endpoints, transaction calldata, value/gas fields, and detailed wallet signing methods (private key, keystore, Ledger/Trezor). It also covers ERC-20 approvals and balance checks. These are specific crypto/Blockchain transaction-execution capabilities (signing and sending funds), not generic tooling.