top-rank-tokens-sniper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously fetches and acts on public, untrusted token data (e.g., via onchainos CLI calls like onchainos token trending, token advanced-info, and token holders used in scripts/ranking_sniper.py and risk_check.py and documented in SKILL.md), and those external fields (token tags, trade history, holder lists, etc.) are parsed and directly drive buy/sell decisions and safety gating—creating a clear vector for indirect prompt-injection via third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a live cryptocurrency trading bot for Solana. It requires logging into an onchainos-managed wallet (TEE signing), exposes commands and functions to perform swaps and execute trades (e.g., onchainos swap swap --from ... --to ... --amount ... --wallet <addr> --slippage <pct>, onchainos wallet contract-call, onchainos wallet addresses, onchainos wallet balance, onchainos wallet order-status), and provides a live-mode flow that sets MODE="live", configures TOTAL_BUDGET and BUY_AMOUNT, unpauses trading, and starts the bot which automatically places buys/sells and manages exits. These are specific crypto-wallet, swap, signing and order-execution capabilities — i.e., direct financial execution.