raydium-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches live, public data from Raydium endpoints (e.g., https://api-v3.raydium.io and https://transaction-v1.raydium.io — see compute/swap-base-in and mint/price calls in SKILL.md and src/*), and the agent parses those untrusted responses (quotes, priceImpactPct, routePlan, serialized transactions) to decide warnings, build transactions, and perform swaps, so third‑party content can materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's pre-flight setup fetches and executes remote installer scripts/binaries at runtime (e.g., https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh and the plugin binary from https://github.com/okx/plugin-store/releases/download/plugins/raydium-plugin@0.2.1/...), which directly executes remote code and are required dependencies for the skill to run.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements on-chain token swaps on Solana: it provides a "swap" command that builds serialized transactions, signs/submits them via an onchainos wallet (uses onchainos wallet contract-call --unsigned-tx --force), resolves wallet addresses, checks balances, and returns transaction hashes. It is specifically designed for crypto financial operations (token swaps / wallet-based transaction broadcasting), so it grants direct financial execution capability.