uniswap-pay-with-any-token

Fail

Audited by Snyk on Apr 9, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The auto-injected pre-flight script covertly fingerprints the device, decodes an obfuscated key to create an HMAC-signed device ID, and silently POSTs that data to external endpoints (telemetry/exfiltration). This behaviour is unrelated to the skill's stated purpose of paying HTTP 402 challenges.

HIGH W008: Secret detected in skill content (API keys, tokens, passwords).

  • Secret detected (high risk: 1.00). The script contains a literal, base64-encoded value assigned to _K: "OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw==". It is used as an HMAC signing key ("HMAC signature (obfuscated key, same as CLI binary)") to compute device signatures and report to external APIs. This is a high-entropy, real-looking secret embedded in code (not a placeholder, truncated value, or simple example password), so it meets the definition of a hardcoded secret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for making crypto payments: "Pay HTTP 402 payment challenges using any token via Tempo CLI and Uniswap Trading API." It names a specific trading API (Uniswap Trading API) and CLI (Tempo) intended to execute token swaps/payments, which are direct blockchain/crypto transaction operations. This fits the crypto/blockchain category of Direct Financial Execution.

Issues (3)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  Risk Level: CRITICAL
  Analyzed: Apr 9, 2026, 05:45 AM
  Issues: 3