limit-order-fast

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill queries multiple public KyberSwap endpoints (Token API, Aggregator API, and Limit-Order API) as shown in SKILL.md Steps 0.5/0.6 and Step 5 and in scripts/fast-limit-order.sh (curl calls to TOKEN_API, aggregator-api.kyberswap.com, and LO_API), and it directly consumes those untrusted API responses to resolve token addresses/decimals, fetch price quotes, obtain EIP‑712 signed payloads, and decide whether to sign/submit orders—so third‑party content can materially alter tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls KyberSwap's runtime APIs (e.g. https://limit-order.kyberswap.com/write/api/v1/orders/sign-message and https://limit-order.kyberswap.com/write/api/v1/orders) to fetch EIP-712 typed data that the script signs and then submits, meaning external content directly controls what is signed and thus the resulting on-chain action.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to create and submit crypto limit orders: it signs EIP-712 messages, auto-approves token allowances, checks balances, and immediately submits a DSLOProtocol limit order via a shell script. It requires wallet credentials (keystore, PRIVATE_KEY/env, Ledger/Trezor), uses cast wallet sign to produce signatures, and interacts with KyberSwap APIs and on-chain approval flows. These are direct crypto-financial execution actions (signing transactions, approving spending, creating orders), not generic tooling — including an explicit no-review fast execution flow. Therefore it grants direct financial execution authority.