collect-fees
Warn
Audited by Snyk on Mar 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and parses live, public PancakeSwap Explorer and token APIs (e.g., explorer.pancakeswap.com in references/fetch-infinity-positions.mjs and fetch-solana.cjs, tokens.pancakeswap.finance, and DexScreener calls described in SKILL.md) and uses that untrusted third-party JSON/web content to discover positions and drive fee calculations and subsequent actions, so external content can materially influence the agent's workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill runs npm install at runtime (e.g., "npm install --silent viem @pancakeswap/v3-sdk" and similar for @pancakeswap/infinity-sdk and @pancakeswap/solana-core-sdk), which fetches and then executes third-party Node packages from the npm registry (https://registry.npmjs.org/) as required dependencies for the provided node scripts, so remote code is fetched and run during skill execution.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is specifically designed for a crypto financial operation: discovering and facilitating the collection of LP fees on PancakeSwap across EVM chains and Solana. It references blockchain-specific SDKs and tools (viem, @pancakeswap/infinity-sdk, @pancakeswap/solana-core-sdk), explicit contract addresses and RPC endpoints, and even references encoding claim calldata (encodeClaimCalldata) and generating deep links to trigger collections in the PancakeSwap UI. Although the prompt states it will not execute transactions or request private keys, the primary and explicit purpose is handling on-chain fee-collection workflows and producing transaction calldata/links — i.e., a crypto financial operation. This meets the criteria for Direct Financial Execution risk.
Issues (3)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata