clankerkit

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's implementation (src/index.ts and the SKILL.md, via tools such as swap_tokens, get_swap_quote, get_order_book, get_meme_tokens, smart_trade, kyber_swap, zerox_swap, and pay_for_service) calls external aggregators and APIs (Kuru Flow / Kuru CLOB orderbooks, KyberSwap, 0x Swap API, arbitrary payment endpoints) and ingests their live quotes, orderbook data, and API responses, which the agent reads and uses to make trading and transaction decisions; that is, untrusted third-party content directly influences tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a blockchain wallet/trading tool designed to move funds. It requires an agent private key, manages an AgentWallet, can send native tokens and ERC-20s (send_tokens, send_token), execute arbitrary contract calls (execute_transaction), perform on-chain swaps (swap_tokens, kyber_swap, zerox_swap), stake/unstake/withdraw MON, place market and limit orders on the Kuru CLOB (kuru_market_order, kuru_limit_order), run autonomous trading strategies (smart_trade), perform cross-chain swaps, and has a pay_for_service function that pays in USDC. These are specific crypto/blockchain and market-order capabilities (plus a direct payment function), not generic tools; therefore the skill grants Direct Financial Execution authority.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 04:16 PM