deployer
Warn
Audited by Snyk on Mar 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required "Step 0: Clone the CCA Repository" instructs fetching code from the public GitHub repo (https://github.com/Uniswap/continuous-clearing-auction), so the workflow depends on publicly hosted, potentially untrusted third‑party content (deployment scripts/ABIs) that the agent/user will read and that can materially influence deployment commands and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs cloning and installing the repository https://github.com/Uniswap/continuous-clearing-auction (git clone ...; forge install) as a required runtime dependency whose code/scripts are then used/executed for deployment, so the external URL can directly bring in executable remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly for deploying and interacting with blockchain smart contracts (Continuous Clearing Auction). It contains concrete, domain-specific crypto/financial operations: approving ERC-20 transfers, calling a factory's initializeDistribution (which transfers tokens), broadcasting transactions via Foundry/forge and cast (e.g., --broadcast, cast send), and post-deployment functions like onTokensReceived(), sweepCurrency(), and sweepUnsoldTokens(). It also provides explicit guidance on private key handling, hardware wallets, and keystore usage — all indicating the skill is intended to sign and send on-chain transactions that move tokens/funds. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category, so it grants direct financial execution capability.
Issues (3)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).