one-click-token-launch

Warn

Audited by Snyk on Apr 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and processes arbitrary third-party content — e.g., downloading images from user-supplied URLs in ipfs.py's _read_image, calling pump.fun's /api/ipfs and PumpPortal /api/trade-local, and ingesting Bags.fm/Moonit API responses (unsigned tx bytes, metadata URIs) — and then interprets those responses to build/sign/submit on-chain transactions, so untrusted external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations. It integrates with an Agentic Wallet (onchainos) running in a TEE for signing and broadcasting transactions, provides a quick_launch() entrypoint that creates tokens and can perform bundled initial buys (sending SOL/BNB), calls launchpad APIs that return unsigned transactions for signing, and directly invokes contract calls (e.g., Flap.sh newTokenV6, Four.Meme factory) including msg.value/quoteAmt parameters. It also references onchainos swaps ("buy more", "sell 50% WIF"). These are specific crypto/blockchain wallet and transaction-execution capabilities (signing and broadcasting value-bearing transactions), not generic tooling. Therefore it grants Direct Financial Execution Authority.
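Both findings converge on one trust boundary: bytes returned by a launchpad API (W011) are handed to a wallet that signs and broadcasts value-bearing transactions (W009). The added example below is not part of the Snyk audit or of the one-click-token-launch skill; it shows the pre-signing policy gate a practitioner would put in front of the signer, whether in the skill or inside the TEE wallet. It assumes the API returns a serialized Solana legacy transaction (versioned v0 messages are detected and refused rather than decoded), uses constructed 32-byte placeholder keys instead of real addresses (LAUNCHPAD_PROGRAM and UNKNOWN_PROGRAM are hypothetical), and builds its own fixtures so it runs offline. The gate checks that the fee payer is our wallet, that every instruction targets an allowlisted program, and that direct System-program SOL transfers out of the wallet stay under a cap.

```python
"""Pre-signing policy gate for an unsigned Solana legacy transaction returned by a launchpad API."""
import struct
from dataclasses import dataclass

SYSTEM_PROGRAM = bytes(32)        # 32 zero bytes == "11111111111111111111111111111111"
SYSTEM_TRANSFER = 2               # System program instruction enum value for Transfer
LAMPORTS_PER_SOL = 1_000_000_000


def encode_compact_u16(n: int) -> bytes:
    """Solana compact-u16: 7 bits per byte, LSB first, 0x80 marks continuation."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        if n == 0:
            out.append(byte)
            return bytes(out)
        out.append(byte | 0x80)


def decode_compact_u16(buf: bytes, pos: int) -> tuple[int, int]:
    value, shift = 0, 0
    for _ in range(3):
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("compact-u16 longer than 3 bytes")


@dataclass
class Instruction:
    program: bytes
    accounts: list[bytes]
    data: bytes


def serialize_unsigned_tx(fee_payer: bytes, instructions: list[Instruction]) -> bytes:
    """Constructed fixture builder (not a production serializer): legacy wire layout,
    zeroed signature slot, zero blockhash, readonly header counts left at 0."""
    keys = [fee_payer]
    for ix in instructions:
        for k in ix.accounts + [ix.program]:
            if k not in keys:
                keys.append(k)
    msg = bytes([1, 0, 0])                                            # 1 required signature
    msg += encode_compact_u16(len(keys)) + b"".join(keys) + bytes(32)  # keys, recent blockhash
    msg += encode_compact_u16(len(instructions))
    for ix in instructions:
        msg += bytes([keys.index(ix.program)])
        msg += encode_compact_u16(len(ix.accounts)) + bytes(keys.index(a) for a in ix.accounts)
        msg += encode_compact_u16(len(ix.data)) + ix.data
    return encode_compact_u16(1) + bytes(64) + msg                    # one empty signature slot


def parse_legacy_tx(raw: bytes) -> dict:
    n_sigs, pos = decode_compact_u16(raw, 0)
    pos += 64 * n_sigs
    if raw[pos] & 0x80:                                     # version prefix bit set
        raise ValueError("versioned (v0) message: not decoded here, refuse to sign")
    num_required = raw[pos]
    pos += 3                                                # 3-byte header
    n_keys, pos = decode_compact_u16(raw, pos)
    if len(raw) < pos + 32 * n_keys + 32:
        raise ValueError("truncated account keys / blockhash")
    keys = [raw[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32                                 # keys, then recent blockhash
    n_ix, pos = decode_compact_u16(raw, pos)
    ixs = []
    for _ in range(n_ix):
        prog_idx, pos = raw[pos], pos + 1
        n_acc, pos = decode_compact_u16(raw, pos)
        acc_idx, pos = list(raw[pos:pos + n_acc]), pos + n_acc
        dlen, pos = decode_compact_u16(raw, pos)
        data, pos = raw[pos:pos + dlen], pos + dlen
        ixs.append(Instruction(keys[prog_idx], [keys[i] for i in acc_idx], data))
    if pos != len(raw):
        raise ValueError("trailing bytes after message")
    return {"required_sigs": num_required, "sig_slots": n_sigs, "keys": keys, "instructions": ixs}


def check_before_signing(raw: bytes, wallet: bytes, allowed_programs: set, max_lamports: int) -> list[str]:
    """Return policy violations; an empty list means the bytes may go to the signer."""
    try:
        tx = parse_legacy_tx(raw)
    except (ValueError, IndexError) as exc:
        return [f"malformed transaction: {exc}"]
    problems = []
    if not tx["keys"] or tx["keys"][0] != wallet:
        problems.append("fee payer is not our wallet")
    if tx["sig_slots"] != tx["required_sigs"]:
        problems.append("signature slot count disagrees with header")
    outflow = 0
    for i, ix in enumerate(tx["instructions"]):
        if ix.program not in allowed_programs:
            problems.append(f"instruction {i}: program {ix.program.hex()[:8]}... not in allowlist")
        # Direct SOL transfer: data = u32 LE index (2) + u64 LE lamports; account 0 is the source.
        is_transfer = (ix.program == SYSTEM_PROGRAM and len(ix.data) == 12
                       and struct.unpack_from("<I", ix.data)[0] == SYSTEM_TRANSFER)
        if is_transfer and ix.accounts and ix.accounts[0] == wallet:
            outflow += struct.unpack_from("<Q", ix.data, 4)[0]
    if outflow > max_lamports:
        problems.append(f"direct SOL outflow {outflow} lamports exceeds cap {max_lamports}")
    return problems


# Constructed keys for the fixtures; none of these are real on-chain addresses.
WALLET, RECIPIENT = bytes([0x01]) * 32, bytes([0x02]) * 32
LAUNCHPAD_PROGRAM = bytes([0xAB]) * 32   # hypothetical: the launchpad program the user expects
UNKNOWN_PROGRAM = bytes([0xEE]) * 32     # hypothetical: a program smuggled in via the API response
ALLOWED, SPEND_CAP = {SYSTEM_PROGRAM, LAUNCHPAD_PROGRAM}, LAMPORTS_PER_SOL


def transfer_ix(src: bytes, dst: bytes, lamports: int) -> Instruction:
    return Instruction(SYSTEM_PROGRAM, [src, dst], struct.pack("<IQ", SYSTEM_TRANSFER, lamports))


def demo() -> dict:
    fixtures = {
        "expected_buy": serialize_unsigned_tx(WALLET, [transfer_ix(WALLET, RECIPIENT, LAMPORTS_PER_SOL // 2),
                                                       Instruction(LAUNCHPAD_PROGRAM, [WALLET], b"\x00")]),
        "drain": serialize_unsigned_tx(WALLET, [transfer_ix(WALLET, RECIPIENT, 5 * LAMPORTS_PER_SOL)]),
        "rogue_program": serialize_unsigned_tx(WALLET, [Instruction(UNKNOWN_PROGRAM, [WALLET], b"\x01")]),
        "wrong_payer": serialize_unsigned_tx(RECIPIENT, [transfer_ix(RECIPIENT, WALLET, 1)]),
        "garbage": b"\x01" + bytes(64) + b"\x80\x00",       # versioned prefix byte, no body
    }
    return {name: check_before_signing(tx, WALLET, ALLOWED, SPEND_CAP) for name, tx in fixtures.items()}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(f"{name}: {'SIGN' if not problems else 'REFUSE: ' + '; '.join(problems)}")
```

Two caveats belong with this gate. First, a launchpad "buy" moves SOL inside the launchpad program's own instruction, not through a System transfer, so the lamport cap above only bounds direct transfers; bounding the buy requires decoding that program's instruction layout or simulating the transaction against RPC and comparing pre- and post-balances. Second, the check is only worth anything if it sits inside the signing boundary (the TEE wallet's policy) rather than in the code that just received the API response, since that code is exactly what the untrusted content influences.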

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 01:48 PM
Issues: 2