uniswap-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The shared preflight instructions (_shared/preflight.md) explicitly instruct fetching and executing a public script via curl from https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh (and perform POSTs to plugin-store/okx endpoints), which means the skill requires ingesting and running untrusted public third‑party content that can materially influence agent tools and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's shared preflight instructs users to run a runtime curl | sh that fetches and executes remote code from https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh, which is a required installation step that directly executes external code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Uniswap developer toolset listing "trading, hooks, drivers, and on-chain analysis" across Uniswap V2/V3/V4. That wording indicates built-in crypto/blockchain transaction capabilities (swaps/trades, drivers for on-chain interaction and likely signing/sending transactions). This is specifically designed for cryptocurrency financial operations, so it grants direct financial execution authority.