QuickSwap V3 DEX

Fail

Audited by Snyk on Jun 16, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The set mixes legitimate blockchain endpoints (polygonscan, thegraph, polygon.publicnode.com, GitHub/okx) with direct downloads of prebuilt plugin binaries and install scripts served from a personal GitHub (skylavis-sky) — direct executable releases from an unvetted user plus install scripts are a common malware distribution vector even if some checksum checks are present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime workflow includes fetching and executing installer scripts from GitHub (e.g., curl ... raw.githubusercontent.com/.../install.sh in SKILL.md), which is outsider-authored free text (shell script) that can be injected into the agent’s context via the fetched content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain cryptocurrency operations and can broadcast transactions that move user funds. It integrates with onchainos wallet commands (wallet login, addresses, balance) and provides a quickswap-plugin swap command which, when run with --confirm, executes up to three on-chain transactions (wrap → approve → swap) on Polygon via the SwapRouter and returns an explorer TX link. It also documents automatic wrapping of native MATIC and approving the router. These are concrete crypto/blockchain transaction and signing actions (not generic tooling), so the skill grants direct financial execution capability.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

  • Hidden Unicode characters detected (1 type(s) found)

Issues (5)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

W021
MEDIUM

Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 16, 2026, 03:28 AM
Issues
5
Security Audit — snyk — QuickSwap V3 DEX