sushiswap-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). Flagged because the SDK directly calls the public SushiSwap REST API (via getQuote/getSwap) and ingests returned routing, pricing, and calldata from the open aggregator—third-party content the agent is expected to read and act on.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a purpose-built TypeScript SDK for SushiSwap that explicitly exposes swap-related functionality: requesting swap quotes and generating/executing swap transactions via getQuote() and getSwap(). It includes network support, transaction-generation guidance, mandatory referrer for execution calls, and fee/customization details. This is a specific crypto/blockchain swap tool (not a generic API caller or browser automation), and it directly supports creating executable financial transactions on-chain. Therefore it grants Direct Financial Execution capability.