uniswap-v4

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). This skill queries public RPC endpoints (e.g., https://mainnet.base.org, https://eth.llamarpc.com) and performs contract calls to read on-chain, user-controlled data (token.symbol/decimals, pool state via StateView, V4Quoter) — see src/pool-info.ts, src/quote.ts, v4_read.py — and the agent reads/interprets those values as part of its workflow, so it ingests untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain token transfers and trades: it provides scripts for approving ERC20 tokens and executing exact-input swaps via Uniswap V4's Universal Router, requires a wallet PRIVATE_KEY for write operations, sends signed transactions (gas estimates and tx revert handling are documented), and even supports auto-approve flows and recipient addresses. These are direct crypto/blockchain financial execution capabilities (wallet signing + swaps), not generic tooling.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 12:19 PM