trade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs commands that query public blockchain state (e.g., npx fibx@latest status, balance, trade) and even allows configuring custom RPC endpoints, so it ingests untrusted, user-generated on-chain data from third-party nodes that directly drive routing, simulation, and execution decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running "npx fibx@latest" at runtime, which downloads and executes code from the npm registry (e.g., https://registry.npmjs.org/fibx or the package at https://www.npmjs.com/package/fibx), so external code is fetched and executed and is a required dependency for the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading tool: it finds routes, handles token approvals, simulates and executes on-chain swaps (including wrap/unwrap via contract calls), requires wallet authentication and sufficient token/gas balance, and provides commands to run trades (npx fibx@latest trade ...) and then verify tx status. These are specific blockchain transaction capabilities (wallet signing/transactions, token transfers/swaps), so it is directly designed to move money on-chain.