kamino-lend-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and ingests data from open/public third-party APIs (e.g., DeFiLlama at https://yields.llama.fi/pools, the Kamino API, and Jupiter at api.jup.ag) and explicitly parses and acts on that data—most notably submitting Jupiter's returned swapTransaction via onchainos—so untrusted remote content can directly influence transactions and tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill's pre-flight steps fetch and execute remote installer/binary code at runtime—e.g. https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh (executed after checksum verification), https://raw.githubusercontent.com/okx/plugin-store/main/scripts/launcher.sh, and https://github.com/okx/plugin-store/releases/download/plugins/kamino-lend-plugin@0.1.4/... (downloaded as the plugin binary)—so external content is fetched and run as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations on Solana: it can supply, withdraw, borrow, and repay assets; build and broadcast transactions via onchainos wallet contract-call --chain 501 --unsigned-tx <base58_tx> --force; and even perform automatic token swaps via Jupiter to cover shortfalls. These are specific crypto/blockchain wallet and transaction-execution capabilities (signing/submitting transactions and swapping tokens), not generic tooling. Therefore it grants direct financial execution authority.