woofi-swap

Status: Warn

Audited by Snyk on Apr 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states the API "queries WooPP, 1inch, and ODOS simultaneously", so the skill ingests price/tx data from external public DEX aggregator services and uses those results (tx_steps/quotes) in its workflow to build and sign transactions, meaning third-party responses can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform crypto financial operations. It provides dedicated endpoints to build and execute token swaps and cross-chain swaps (POST /v2/swap and POST /v2/cross_chain/swap), returns ready-to-sign transaction steps (tx_steps), performs approval checks, and supports buying/selling/bridging tokens across chains. It targets wallets (signer_address, to, rebate_to) and states "One call, full swap" and "Wallet signing required", i.e. it constructs transactions intended to move funds on-chain. These are specific crypto/blockchain primitives (swaps, bridging, transaction building/signing), not generic tooling, so it grants Direct Financial Execution capability.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 02:04 AM
Issues: 2