meme-coin-audit

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The skill’s runtime workflow ingests outsider-authored free text when it fetches and reads public web content (e.g., Etherscan/Solscan pages, DEXTools/Birdeye, Unicrypt/PinkLock, rugcheck.xyz, honeypot.is) or other scraped pages as readable prose, which can contain indirect prompt-injection payloads.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is specifically focused on crypto token operations and includes explicit blockchain transaction actions and tools: Foundry PoC tests that call token.mint(), token.blacklist(), token.setFees() and perform buys/sells; references to Uniswap V2 router/WETH addresses and swap functions (swapExactTokensForETH); Solana CLI (spl-token display / solana account) checks for mint/freeze/update authorities; and LP migration/withdraw/setRouter patterns. These are token-specific crypto execution primitives (minting, blacklisting, swapping, LP manipulation) rather than generic tooling, so the skill grants direct crypto/financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 04:06 PM
Issues: 2