meme-trench-scanner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill repeatedly calls the onchainos CLI to fetch public, user-generated data (e.g., memepump tokens, token-details, trades, price-info, kline) — see memepump_token_list / memepump_token_details / trades / token-dev-info calls in scripts/scan_live.py and risk_check.py — and the agent directly reads and acts on that data to open, adjust, and close positions, so untrusted third-party content can materially change tool use and decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a cryptocurrency automated trading bot for Solana that integrates with the onchainos CLI and an Agentic Wallet (TEE) to build, sign, and broadcast on‑chain transactions. It includes concrete executable commands and flows for trading: onchainos wallet login/status/addresses, onchainos swap quote and onchainos swap swap to build transactions, and onchainos wallet contract-call for TEE signing + broadcast. The skill’s runtime (scan_live.py) contains try_open_position() and check_position() logic to open/close positions, and the interactive startup flow allows switching to Live Trading (PAPER_TRADE = False) and setting SOL exposure and per-trade sizes. All of these are specific, purpose-built capabilities to execute market orders and manage crypto funds (build/send swaps, sign transactions, manage balances). Therefore it grants direct financial execution authority.