limit-order

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for EIP-712 signatures and then embed those user-provided signature strings verbatim into curl/JSON requests (and output them), which requires handling sensitive secret-like values in the LLM output and creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly performs WebFetch calls to third-party APIs (KyberSwap Token API, KyberSwap Aggregator, CoinGecko, and other public limit-order endpoints) to resolve token addresses, honeypot/FOT status, and current market prices — responses from these external sources are parsed and used to refuse orders, warn users, compute amounts, and drive subsequent actions, so untrusted third-party content can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly designed for cryptocurrency trading via the KyberSwap Limit Order API. It includes crypto-specific operations: creating limit orders (computing maker/taker amounts, converting to wei), producing EIP-712 typed data for the user to sign, submitting the signed order to Kyber's write API, querying orders, and performing gasless or hard cancels (including building on-chain calldata). These are direct blockchain/crypto financial operations (wallet signing, order creation/submission, token approvals), so it grants direct financial execution authority.