smart-money-signal-copy-trade

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The bot and its risk_check module explicitly call the onchainos CLI to ingest public third-party data (e.g., onchainos signal list, token price-info/advanced-info/trades, security token-scan) — visible in bot.py and risk_check.py — and that untrusted, user/on-chain/generated data is parsed and directly used to gate buys/sells and trigger exits, so external content can materially change agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a live cryptocurrency trading bot that performs on-chain trades and signs transactions. It requires logging into an Agentic Wallet, checks wallet balances, requests a Live Mode budget, toggles DRY_RUN to False to use real SOL, and calls onchainos execution commands including onchainos swap swap and onchainos wallet contract-call (TEE signing + broadcast). These are specific crypto/blockchain transaction APIs and wallet signing operations designed to move funds (execute swaps and broadcast transactions). Therefore it grants direct financial execution capability.