compound-v3-plugin

Warn

Audited by Snyk on Apr 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and consumes untrusted third-party data (on-chain and API responses) from the public RPC endpoints listed in plugin.yaml (e.g., https://ethereum.publicnode.com, https://base-rpc.publicnode.com), and from raw.githubusercontent.com via its update/install curl calls. SKILL.md explicitly requires the agent to read those market/preview outputs (min_borrow_amount, previews, next_command, balances) and act on them, so external content can materially influence subsequent tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Compound V3 (Comet) lending plugin designed to perform on-chain financial actions: supply, borrow, repay, withdraw, and claim rewards. It integrates with wallets (onchainos wallet login/status/balance), performs ERC-20 approve and contract calls, and submits transactions via "onchainos wallet contract-call" (reporting tx hashes). These are specific crypto/blockchain financial operations (wallet transactions and token transfers), not generic tooling. Therefore it grants direct financial execution capability.

Issues (3)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 28, 2026, 02:12 PM
Issues
3