1inch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly calls and parses JSON from public 1inch APIs (e.g., https://api.1inch.com/swap/v6.1/... and Fusion+/Orderbook endpoints referenced in client.py, exports.py, fusion_client.py and SKILL.md) and uses those responses to build/sign/submit transactions and drive swap/ordering logic, so untrusted third‑party content can materially influence tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial actions. It provides scripts that call the 1inch API and a wallet service (via WALLET_SERVICE_URL and an OIDC socket) to: get quotes, broadcast approve transactions (approve.py), execute swaps (swap.py), and run a full end-to-end swap flow including auto-approve and post-trade verification (run_swap_flow.py). It supports multiple chains and direct broadcasting of transactions, and even includes handling for wallet policy changes. These are specific crypto/blockchain wallet and swap operations (signing/broadcasting transactions), i.e. direct financial execution.