morpho-plugin
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches runtime data from external third-party APIs (e.g., MarketParams and positions from https://blue-api.morpho.org/graphql and claimable rewards/proofs from https://api.merkl.xyz/v4/claim), and those responses are used to build previews, calldata, and make decisions (health checks, approvals, transactions), so untrusted remote content can materially influence the agent's actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight install runs a shell pipeline that executes remote code at runtime—e.g. "curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh"—which fetches and runs a remote installer that the skill requires to function.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto financial operations. It exposes concrete write commands that build and broadcast on-chain transactions: supply (deposit), withdraw, borrow, repay, supply-collateral, withdraw-collateral, and claim-rewards. It uses onchainos wallet contract-call to submit transactions (including immediate ERC-20 approvals via --force) on Ethereum and Base, resolves token decimals/amounts, and returns tx hashes. These are direct crypto/blockchain transaction primitives to move funds (not generic browser/API tooling). Therefore it grants direct financial execution authority.
Issues (3)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata