dex-execution

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests data from public third‑party APIs (e.g., Jupiter's endpoints like https://quote-api.jup.ag/v6/quote and /tokens and Helius priority-fee endpoint) and uses those responses (quotes, route plans, token metadata, and swap transactions) to build, simulate, and drive execution decisions, so untrusted external content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime calls to Jupiter's API (notably https://quote-api.jup.ag/v6/swap and related /quote and /swap-instructions endpoints) which return base64-encoded transactions and instruction data that the skill relies on and that, when signed/submitted, directly execute remote on-chain instructions—constituting a remote-provided execution payload used at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute cryptocurrency trades: it uses Jupiter's DEX aggregator to get quotes and build swap transactions, shows how to construct the swap via /swap, decodes the base64 transaction, signs it with a private key (WALLET_PRIVATE_KEY), and submits the signed transaction to a Solana RPC (sendTransaction) and confirms it. These are concrete, specific crypto/blockchain transaction signing and submission steps — direct financial execution capability.