token-swap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls public on-chain/DEX data sources (e.g., swap_get_quote, swap_supported_dexes, and get_erc20_token_info as described in SKILL.md) to retrieve live quotes and token metadata from Uniswap/PancakeSwap and token contracts, which are untrusted third‑party inputs that the agent reads and uses to decide and execute swaps.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform cryptocurrency token swaps on decentralized exchanges (Uniswap, PancakeSwap, QuickSwap) across multiple EVM chains. It provides specific functions for getting quotes and "swap_execute" which "Execute the swap (auto-approves token spending if needed)" and uses the active wallet for signing transactions. These are direct crypto/ blockchain transaction capabilities (constructing, signing, and sending token transfer/swap transactions), so the tool's primary and explicit purpose is to move funds. Therefore it meets the Direct Financial Execution criteria.