1inch

Warn

Audited by Snyk on May 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill makes runtime calls to public 1inch/Fusion/Orderbook APIs (e.g., client.py, exports.py, fusion_client.py, fusion_tools.py call https://api.1inch.com and https://api.1inch.dev/orderbook/), and the agent parses returned JSON/typedData/tx data and uses it to build/sign/submit transactions and control follow-up actions—so untrusted third‑party responses can materially influence tool use and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial actions. It provides scripts that call the 1inch API and a wallet service (via WALLET_SERVICE_URL and an OIDC socket) to: get quotes, broadcast approve transactions (approve.py), execute swaps (swap.py), and run a full end-to-end swap flow including auto-approve and post-trade verification (run_swap_flow.py). It supports multiple chains and direct broadcasting of transactions, and even includes handling for wallet policy changes. These are specific crypto/blockchain wallet and swap operations (signing/broadcasting transactions), i.e. direct financial execution.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 06:54 PM
Issues
2
Security Audit — snyk — 1inch