swap-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes responses from the public Trading API at https://trade-api.gateway.uniswap.org/v1 (see the "Trading API" section and the /quote and /swap examples) and then uses fields from those untrusted third‑party responses (e.g., permitData, encodedOrder, quote fields) to decide how to build and submit transactions, so external content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for crypto financial operations (Uniswap swaps). It includes detailed, specific APIs and functions to move funds: Trading API endpoints (/check_approval, /quote, /swap), Permit2 signing/approval flows, Universal Router SDK/execute() contract calls, and concrete code that signs and broadcasts transactions (walletClient.sendTransaction, wallet.sendTransaction, writeContract/sendTransaction). It also instructs performing approvals and broadcasting on-chain swap transactions and smart-contract swap execution. These are direct crypto/transaction execution capabilities, not generic tools, so it grants Direct Financial Execution Authority.