aggregator-hook-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Generic Aggregator Hook (SKILL.md and references/implementations.md) explicitly decodes and executes user-supplied hookData (ExternalAction[] passed into beforeSwap) to call external contracts (e.g., Curve/Balancer), so it ingests untrusted, user-provided calldata that directly controls routing and execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute on-chain token swaps and interact with external DEX contracts. It defines Solidity constructs and callbacks that perform external calls (e.g., curvePool.exchange), an ExternalAction struct including an address and value (ETH) to send, and a generic hook pattern that encodes and executes arbitrary external calls inside the beforeSwap callback. These are direct crypto/blockchain transaction operations intended to move funds (route swaps, send ETH/value, approve tokens), not generic tooling. Therefore it grants direct financial execution capability.