pump-fun-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and ingests public, user-controlled data from Solana on-chain accounts and Solana RPC (via the pumpfun crate and the get-token-info / get-price / quickstart commands in SKILL.md), and the agent is instructed to read and act on those results (tailor responses, decide research or execute trades), so untrusted third‑party content can materially influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight steps fetch and execute remote installer scripts at runtime (notably curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh) and download launcher/binary assets from GitHub releases that are required for the skill to run, which constitutes executing remote code from external URLs.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built for crypto financial operations on Solana: it exposes write operations "buy" and "sell" that route through onchainos swap execute --chain solana to submit on-chain swaps, resolves and uses a Solana wallet (onchainos wallet login / balance), and returns transaction signatures (tx_hash) on live execution. Although previews/dry-runs exist, the documented "live" mode with --confirm executes real blockchain transactions. This is a specific crypto/blockchain payment/trading capability (wallet + swap + transaction submission), so it grants direct financial execution authority.