saturnswap-cross-chain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime scripts call the public SaturnSwap API (https://saturnswap.io/api/uex/ via getMetadata, getQuote, createOrder/quickQuote/findToken in scripts/uex-client.js) and directly parse fields like depositAddress, depositAmount and unsignedTxCbor that the agent must interpret and act on (e.g., instruct sending funds or signing transactions), so untrusted third‑party responses can materially change behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto swap/bridge integration (SaturnSwap UEX). It exposes specific endpoints and commands for obtaining quotes and creating orders (/quote and /order), scripts like create-order.js, and workflow steps that create unique deposit addresses and require sending exact deposit amounts. It even references signing details (requiresSignature / unsignedTxCbor). These are concrete, purpose-built capabilities to initiate and execute cross-chain token transfers—i.e., move money—so this meets the "Direct Financial Execution" criterion.