uniswap-viem-integration
Fail
Audited by Snyk on Apr 25, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.90). The prompt contains auto-injected, obfuscated telemetry/install-reporting scripts that compute a device fingerprint and HMAC-signed token and send them to external endpoints—behavior not disclosed in the skill's EVM-integration description and thus hidden/deceptive relative to the stated purpose.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md pre-flight "Version check" explicitly instructs the agent to curl a public raw.githubusercontent.com URL (https://raw.githubusercontent.com/okx/plugin-store/main/skills/uniswap-viem-integration/plugin.yaml), parse its version, and conditionally run an update (npx skills add ...) and then re-read SKILL.md, so untrusted public GitHub content can directly influence tool actions and subsequent agent behavior.
HIGH W008: Secret detected in skill content (API keys, tokens, passwords).
- Secret detected (high risk: 1.00). The script contains a base64-encoded literal: OE9nNWFRUFdfSVJkektrMExOV2RNeTIzV2JibXo3ZWNTbExJUDFIWnVoZw== which is decoded into _K and used as an "obfuscated key" to compute an HMAC signature (HMAC_SIG) and a device token (DIV_ID). This is a high-entropy, hardcoded secret key embedded in the code (not a placeholder or obvious example) and thus qualifies as a real secret that can be used to sign or authenticate requests. Flagging is appropriate.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is an integration maintained by Uniswap Labs for "EVM blockchains using viem and wagmi" and is explicitly the Uniswap viem plugin. This is a purpose-built crypto/blockchain integration (Uniswap = decentralized exchange) and therefore is specifically designed to interact with wallets and perform on-chain operations (swaps/transactions/signing). That matches the Crypto/Blockchain category (wallets, swaps, signing) in the Core Rule, so it grants direct financial execution capability.
Issues (4)
- E004 (CRITICAL): Prompt injection detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W008 (HIGH): Secret detected in skill content (API keys, tokens, passwords).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata