bitflow-swap-aggregator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls Bitflow's public APIs via createBitflowSdk (e.g., getAvailableTokens, getQuoteForRoute, prepareSwap/getSwapParams) and Hiro public endpoints (fetchJson to HIRO_API) to ingest live token/route data which the agent directly reads and uses to construct contract/function calls, postconditions, and broadcast transactions—meaning untrusted third-party content can materially change executed actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto swap executor: it quotes, prepares, and broadcasts Bitflow aggregator swap transactions on mainnet, requires a signer/wallet, can move wallet funds, and has a run command that broadcasts the swap after explicit confirmation. This is a purpose-built blockchain/crypto transaction tool (wallet signing, swap broadcast), so it grants direct financial execution authority.