uniswap-swap-planner
Warn
Audited by Snyk on Apr 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required pre-flight steps (_shared/preflight.md) instruct the agent to download and run an installer from a public GitHub URL (https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh) and to POST install/report data to external services, which requires fetching and executing open/public third-party content that can influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The shared preflight requires, at runtime, downloading and executing a remote installer script (curl -sSL "https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh" -o /tmp/onchainos-install.sh then sh /tmp/onchainos-install.sh), which fetches and runs remote code as a required dependency for the skill.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly focused on token swaps on Uniswap ("Plan token swaps and generate Uniswap deep links across all supported chains"), i.e. a crypto swap-specific capability. Because it is specifically designed around blockchain token swaps (not a generic browser or HTTP tool), it meets the criterion for Direct Financial Execution risk.
Issues (3)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata