v4-dynamic-auction
Warn
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching code from raw GitHub URLs ("To fetch specific lines: curl -s \"<url>\" | sed -n 'START,ENDp'") pointing to raw.githubusercontent.com, which is an open/public third-party source the agent is expected to read and could materially influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching raw source at runtime (e.g., curl -s "https://raw.githubusercontent.com/whetstoneresearch/doppler/988dab4/src/initializers/Doppler.sol" | sed -n 'START,ENDp'), which means remote code/content from that URL is fetched during runtime and can be injected into prompts to directly control agent behavior and is referenced as a required dependency.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill documents smart-contract code for a Uniswap V4-based dynamic auction that explicitly implements token sales and swap-related logic. It references Uniswap V4 hooks (beforeSwap), parameters for numTokensToSell, totalTokensSold/totalProceeds, proceeds-based exit conditions (early exit, refunds, sell back), and epoch rebalances that adjust the curve based on actual sales. These are specific crypto/blockchain financial execution mechanisms (token swaps/sales), not generic tooling, so it grants direct financial execution capability.