velodrome-v2-plugin
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill performs live JSON-RPC eth_call requests against a public Optimism RPC (rpc_url() -> "https://optimism-rpc.publicnode.com" in src/config.rs and src/rpc.rs) and ingests untrusted on-chain data (pool addresses, reserves, quotes, allowances, earned rewards) which the agent directly reads and uses to choose pools, compute amountOutMin, build calldata, and decide actions (see router_get_amounts_out, factory_get_pool, router_quote_add_liquidity, etc., and the SKILL.md Data Trust Boundary note).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight install steps fetch and run remote installers/binaries at runtime (for example: https://raw.githubusercontent.com/okx/onchainos-skills/${LATEST_TAG}/install.sh and the release binary URL https://github.com/okx/plugin-store/releases/download/plugins/velodrome-v2-plugin@0.1.3/velodrome-v2-plugin-${TARGET}${EXT}), which directly execute remote code and are required for the plugin to function.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations on Optimism (chain ID 10). It exposes specific crypto transaction commands: swaps (executes swapExactTokensForTokens), token approvals, add-liquidity, remove-liquidity, and claim-rewards, and it broadcasts transactions via wallet contract-call --force (tx selectors and txHash outputs are shown). This is not a generic API caller or browser automation tool: its primary purpose is to move crypto funds and execute contract calls. Therefore it grants direct financial execution capability.
Issues (3)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata