SunPump Meme Token Toolkit

Verdict: Warn

Audited by Snyk on Jun 4, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required runtime workflow for this skill calls sun --json sunpump token get, sunpump portfolio, sunpump tx user, sunpump token ranking, and sunpump token holders, which fetch token metadata/social fields and holder/trade data from SunPump’s public API; those API-returned fields are effectively outsider-authored free text that the agent ingests into LLM context (e.g., description, name, websiteUrl, twitterUrl, telegramUrl).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading/execution tool for the TRON ecosystem. It documents commands to perform on-chain token trades and approvals (sun swap, sun sunpump buy/sell), requires a private key / mnemonic / agent wallet password (TRON_PRIVATE_KEY, TRON_MNEMONIC, AGENT_WALLET_PASSWORD), and describes broadcasting transactions, TRC20 approve flows, and returning transaction hashes. These are concrete blockchain transaction-sending capabilities (wallet signing, approve, buy/sell swaps) — i.e., direct financial execution authority, not a generic interface.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 4, 2026, 03:50 AM
Issues: 2