injective-rfq-integrations
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute on-chain trades and settlement on the Injective network. It includes concrete financial execution primitives and instructions: connecting an EVM wallet and deriving an address, creating an ephemeral autosign key, granting AuthZ, calling the RFQ gateway (RFQ_GATEWAY_URL) and fetchPrepareAutoSign, signing returned TxRaw (bodyBytes/authInfoBytes) and inserting signatures in signer order, then broadcasting and polling the transaction. It also references Cosmos/Injective message types (e.g., MsgSend, MsgPrivilegedExecuteContract, MsgBatchUpdateOrders), Web3Gateway fee-payer usage, and settlement/position close flows. These are specific tools and APIs whose purpose is to move funds / execute market orders on-chain, not generic tooling.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata