uniswap-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md pre-flight version check fetches https://raw.githubusercontent.com/okx/plugin-store/main/skills/uniswap-ai/plugin.yaml via curl and uses that public GitHub content to decide whether to auto-update/install the skill (and thus change agent behavior), exposing the agent to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's pre-flight runtime version check fetches https://raw.githubusercontent.com/okx/plugin-store/main/skills/uniswap-ai/plugin.yaml via curl to decide whether to run an update (npx skills add ...) which would download and execute remote code, so the external URL can directly cause remote code execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for Uniswap developer tools and explicitly mentions "trading", "drivers", and "on-chain" analysis across Uniswap V2/V3/V4. That indicates a primary purpose of creating and executing crypto swaps/transactions (wallet signing / on-chain trade execution), which are direct financial operations. Even though the snippet lacks function-level details, the skill's stated purpose is specific to moving crypto funds on-chain rather than being a generic tool—so it grants Direct Financial Execution capability.