pumpfun

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and ingests public, untrusted third‑party content—e.g., calls to frontend-api-v3.pump.fun and pumpportal.fun via pumpFrontendRequest/pumpPortalRequest, dexscreener.com in enrichWithDexScreener, plus arbitrary user-supplied image URLs fetched in handleIpfsUpload/handleCreate and realtime events via wss://pumpportal.fun—which are parsed and used to make trading/quoting/sniping/creation decisions (handleQuote, handleCreate, handleSnipe), so external content can directly influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill calls the runtime endpoint https://pumpportal.fun/api/trade-local (used in handleCreate and handleClaim), retrieves serialized transaction bytes, deserializes/signs them and broadcasts them—meaning it executes remote-provided transactions and depends on that external content to perform critical actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Solana trading/launchpad tool with commands to buy and sell tokens, get swap quotes, and snipe/listen for launches. Trading functionality requires a SOLANA_PRIVATE_KEY and references trading APIs (PumpPortal) and RPC endpoints, which indicates the agent can sign and submit on-chain transactions (move funds). These are specific crypto/blockchain execution capabilities (wallet signing, swaps, market orders), not generic tooling.