curve-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches live pool/token data from the public Curve API (https://api.curve.finance) and public RPC endpoints (see plugin.yaml api_calls and src/api.rs), and that external data is parsed and directly used to select pools, resolve token decimals/addresses, build calldata, and drive swap/add/remove actions—so untrusted third-party content can materially influence tool decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight install step downloads and executes a remote installer at runtime (e.g. "https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh"), which is a runtime-fetched script that will be executed and is required for the skill to operate.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations: it provides commands to "swap", "add-liquidity", and "remove-liquidity" on Curve Finance, requires a --wallet address for write commands, handles ERC‑20 approvals, previews calldata with --dry-run, and executes transactions via "onchainos wallet contract-call" (broadcasting txs and reporting txHash/explorer links). These are concrete crypto/blockchain transaction capabilities (signing/submitting on‑chain transfers), so it grants direct financial execution authority.