starter-coach

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill repeatedly fetches and acts on public, user-generated on-chain data (e.g., SKILL.md and coach.py require OnchainOS/oc calls such as oc.workflow_new_tokens, oc.workflow_smart_money, onchainos token hot-tokens, onchainos signal list, oc.get_signals, oc.subscribe_ranking, and swap quotes) and the agent is required to read and use those external results to choose candidates, validate safety, and execute trades, so untrusted third‑party content can materially influence tool use and next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to build and run on-chain trading strategies and to execute trades. It names and requires OnchainOS execution APIs and CLI methods (e.g., oc.swap_execute / onchainos swap execute, oc.swap_quote, oc.wallet_contract_call for signing & broadcast, onchainos wallet balance, tx detail, etc.), includes flows to generate bot scripts, verify them, and "Execute trades via: onchainos swap execute ...". Those are specific crypto/blockchain execution calls (sending swaps/transactions and signing/broadcasting), not generic API callers or browser automation. Therefore it grants direct financial execution authority.