1inch
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill makes runtime calls to public 1inch/Fusion/Orderbook APIs (e.g., client.py, exports.py, fusion_client.py, fusion_tools.py call https://api.1inch.com and https://api.1inch.dev/orderbook/), and the agent parses returned JSON/typedData/tx data and uses it to build/sign/submit transactions and control follow-up actions—so untrusted third‑party responses can materially influence tool use and decisions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial actions. It provides scripts that call the 1inch API and a wallet service (via WALLET_SERVICE_URL and an OIDC socket) to: get quotes, broadcast approve transactions (approve.py), execute swaps (swap.py), and run a full end-to-end swap flow including auto-approve and post-trade verification (run_swap_flow.py). It supports multiple chains and direct broadcasting of transactions, and even includes handling for wallet policy changes. These are specific crypto/blockchain wallet and swap operations (signing/broadcasting transactions), i.e. direct financial execution.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata