pumpfun-mechanics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's parse_events script and docs show it fetches and parses live, public on-chain data from arbitrary Solana RPC endpoints or gRPC subscriptions (see scripts/parse_events.py using RPC_URL/TX_SIGNATURE and references/graduation_process.md's gRPC note), so it ingests untrusted, user-generated blockchain content that the agent reads and uses to drive event/decision logic.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about on-chain token trading and migration on Solana. It contains concrete buy/sell functions (buy_tokens, sell_tokens, buy_cost), exact instruction discriminators and binary layouts for buy/sell instructions (including spendable_sol_in, min_tokens_out, amount_tokens, min_sol_output), and program/account addresses. Those details are specific to constructing and submitting market orders / swaps on a blockchain (PumpFun/PumpSwap), not generic tooling. This is therefore direct crypto/blockchain financial execution capability.