web3-defi-protocols

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and parses data from public third-party APIs and endpoints (e.g., 1inch at https://api.1inch.dev, CoW at https://api.cow.fi, DeFiLlama at https://yields.llama.fi/pools and public RPC URLs in SKILL.md and scripts), and those responses are used to produce quotes, orders, and yield rankings that directly influence tool actions and decisions, so untrusted third-party content can materially affect agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations. It includes concrete tools and APIs to move crypto funds: AaveLendingTool supports supply/borrow/repay/withdraw (uses web3, RPCs, and WALLET_ADDRESS), OneInchSwapTool can execute swaps via the 1inch swap endpoint (includes "swap" action and submits a transaction using WALLET_ADDRESS and API key), and CowSwapTool can create orders (imports eth_account and prepares signed data). The repo includes token and protocol contract addresses and environment variables for PRIVATE_KEY and WALLET_ADDRESS. These are specific, purpose-built integrations for crypto/blockchain transactions (i.e., transferring and managing funds), so this grants direct financial execution authority.