hub-api-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly fetches and ingests public PancakeSwap resources (e.g., the token list at https://tokens.pancakeswap.finance/pancakeswap-extended.json, Hub API responses from https://hub-api.pancakeswap.com/aggregator such as /quote and /calldata, and BSC RPC/BSCScan calls) and uses those untrusted third‑party fields (token names, symbols, quote/protocol data) to build calldata and drive execution/handoff decisions, so external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill is explicitly designed to perform on-chain token swaps: it defines Hub API endpoints (/quote and /calldata), a router contract address, how to check allowances, how to build/send calldata, EIP-681 and Trust Wallet deep-link formats, and channel-specific signing/eth_sendTransaction flows (embedded wallet signing, WalletConnect/EIP-681 handoff, Trust Wallet link, etc.). It provides concrete instructions to construct and hand off transactions (value + calldata) and to poll tx receipts. These are specific crypto transaction execution capabilities (wallet signing and submitting transactions), so it grants direct financial execution authority.