swap-approve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 2 fallback explicitly instructs the agent to fetch token data from public third-party APIs ("KyberSwap Token API" via WebFetch and "CoinGecko API") to resolve contract addresses, and those fetched addresses/data are then used to decide and execute on-chain approval transactions, so untrusted external content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain ERC-20 approval transactions: it provides exact commands (cast send) and an ethers.js implementation to sign and send "approve(address,uint256)" transactions, lists RPC endpoints, router and token addresses, and details wallet signing methods (private key, keystore, Ledger, Trezor). This is crypto/blockchain signing and transaction execution (moving on-chain allowances), so it grants direct financial execution capability.