@432/meta-dex-aggregator

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill directly fetches and ingests data from public third-party APIs and lists (e.g., ParaSwap/Odos/Kyber/0x calls in scripts/aggregators.py, LI.FI endpoints in scripts/crosschain.py, DefiLlama and DexScreener in scripts/safety.py, and external tokenlists in scripts/tokens.py), and those untrusted responses are used by the agent to rank routes and produce/execute transaction data (wallet_transfer/oneinch_swap), so external content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute cryptocurrency transactions. It provides direct execution workflows and calls such as oneinch_swap, oneinch_cross_chain_swap, oneinch_cross_chain_quote, oneinch_check_allowance / oneinch_approve, wallet_info, and wallet_transfer with tx data. It returns ready-to-sign tx data (e.g., LI.FI routes) and instructs executing swaps, approvals, and cross-chain transfers (including tracking tx status). These are specific crypto/blockchain financial operations (wallet transactions, token swaps, bridging) rather than generic tools, so it grants direct financial execution capability.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 10:44 AM
Issues: 2
Security Audit — snyk — @432/meta-dex-aggregator