swapper-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to "Obtain production API key to add to .env.base" and to populate environment files with API keys, which requires the LLM to accept and embed secret values verbatim in generated files/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly asks for and instructs the agent to fetch and read external API documentation and Swagger/OpenAPI links and to make test curl requests and implement fetchFrom[SwapperName].ts (and CSP connect-src entries like https://api.[swapper].com), meaning it will consume untrusted, user-provided third-party web content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to integrate DEX aggregators, swappers, and bridge protocols (e.g., 0x, 1inch, Jupiter, Thorchain). It requires obtaining API keys, building quote and trade execution flows, handling slippage and transaction data, storing swap-specific metadata (swap IDs, deposit addresses), and implementing status polling and execution endpoints. These are concrete crypto swap/transaction operations (signing/executing swaps, deposit addresses, cross-chain bridging) — not generic tooling — so it grants direct financial (crypto) execution capability.