injective-rfq-integrations

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute on-chain trades and settlement on the Injective network. It includes concrete financial execution primitives and instructions: connecting an EVM wallet and deriving an address, creating an ephemeral autosign key, granting AuthZ, calling the RFQ gateway (RFQ_GATEWAY_URL) and fetchPrepareAutoSign, signing returned TxRaw (bodyBytes/authInfoBytes) and inserting signatures in signer order, then broadcasting and polling the transaction. It also references Cosmos/Injective message types (e.g., MsgSend, MsgPrivilegedExecuteContract, MsgBatchUpdateOrders), Web3Gateway fee-payer usage, and settlement/position close flows. These are specific tools and APIs whose purpose is to move funds / execute market orders on-chain, not generic tooling.

Issues (1)

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 11:59 AM
Issues
1