@1458/dust-sweeper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md Phase 1 & Phase 2) explicitly fetches live pricing/quote data from third-party services (birdeye_token_overview, oneinch_quote, coin_price/CoinGecko) and uses those untrusted external responses to decide which tokens to approve/swap, so remote content can materially influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to move crypto assets: it discovers ERC‑20 balances, checks allowances, performs unlimited approvals, and calls oneinch_swap to convert tokens to ETH/USDC. It defines concrete blockchain operations (oneinch_approve, oneinch_swap, oneinch_check_allowance, wallet_balance, quotes) and even schedules recurring automated sweeps. This is a specific crypto/blockchain financial execution capability (signing/sending on‑chain swaps and approvals), not a generic tool, so it grants direct financial execution authority.