near-intents
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill fetches live data from open third-party APIs (e.g., GET/POST to https://1click.chaindefuser.com — /v0/tokens, /v0/quote, /v0/status, /v0/any-input/withdrawals) and renders/uses external fields such as depositMemo, depositAddress, withdrawals and explorerUrl as part of its workflow, which are external/untrusted strings that could be attacker-controlled.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for executing crypto token swaps and cross-chain transfers. It exposes specific financial APIs and flows: POST /v0/quote (dry/wet) to obtain quotes and deposit addresses, instructions to build and send deposit transactions, POST /v0/deposit/submit to notify the API of deposits, and chain-specific deposit guides (EVM, Solana, NEAR, TON, Tron, Stellar). These are concrete crypto/blockchain transaction operations (wallet/deposit addresses, creating/submitting transactions, managing balances), so it grants direct financial execution capability.
Audit Metadata