pump-token-lifecycle

Warn

Audited by Snyk on May 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). This skill's SKILL.md requires live fetches from public on-chain accounts via the online SDK (e.g., onlineSdk.fetchBuyState(mint, user) and onlineSdk.fetchBondingCurve(mint)). These calls pull untrusted, user-controlled public data, and the fetched values (such as bondingCurve.complete) directly determine subsequent actions such as migration and trading.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements blockchain financial operations on Solana via PumpSdk/OnlinePumpSdk. It provides instruction builders for token creation (createV2Instruction, createV2AndBuyInstructions), on-chain trading (buyInstructions, sellInstructions), AMM migration (migrateInstruction), and fee collection (collectCoinCreatorFeeInstructions, getCreatorVaultBalanceBothPrograms). These are specific crypto transaction primitives (building and sending on-chain transfer, trade, and fee-collection instructions), not generic tooling, so the skill grants direct financial execution capability.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 7, 2026, 11:53 PM
Issues: 2