zap-fast

Warn

Audited by Snyk on Apr 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). This skill fetches and parses live data from multiple public KyberSwap endpoints (e.g., fast-zap.sh's fetch_zap_route call to https://zap-api.kyberswap.com, the token API at https://token-api.kyberswap.com, and the Earn Service/aggregator URLs referenced in SKILL.md) and directly uses those untrusted API responses to build and immediately broadcast transactions, so external content can materially change tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill's fast-zap.sh calls the KyberSwap ZaaS endpoints at https://zap-api.kyberswap.com (and related Token API https://token-api.kyberswap.com) at runtime via curl to fetch a zap route and transaction calldata which are then directly used to build and immediately broadcast on-chain transactions, so remote content both controls execution and is a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to build and immediately broadcast on-chain crypto "zap" transactions. It requires wallet configuration (keystore, env private key, Ledger/Trezor), exposes PRIVATE_KEY and wallet method env handling, calls a script (execute-zap.sh -> fast-zap.sh) that constructs and broadcasts a transaction to a ZapRouter address, verifies router addresses, checks allowances/balances, and returns txHash/blockNumber. The prompt repeatedly emphasizes irreversible, real-money on-chain execution with no confirmation. This is a direct crypto/blockchain financial execution capability (signing/sending transactions), not a generic tool.

Issues (3)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 6, 2026, 04:45 AM
  • Issues: 3