pump-fun-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and consumes public Solana on-chain data via Solana RPC (e.g., the pumpfun crate and commands like get-token-info, get-price, and the proactively-run quickstart in SKILL.md), which is untrusted, user-generated blockchain content that the agent reads and uses to drive trading previews and decision/actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's pre-flight runtime steps fetch and execute remote code (e.g., curl -fsSL https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh | sh and curl -fsSL https://github.com/okx/plugin-store/releases/download/plugins/pump-fun-plugin@0.1.9/pump-fun-plugin-... -o ~/.local/bin/.pump-fun-plugin-core), so external content is downloaded and executed as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built for crypto financial operations on Solana: it exposes write operations "buy" and "sell" that route through onchainos swap execute --chain solana to submit on-chain swaps, resolves and uses a Solana wallet (onchainos wallet login / balance), and returns transaction signatures (tx_hash) on live execution. Although previews/dry-runs exist, the documented "live" mode with --confirm executes real blockchain transactions. This is a specific crypto/blockchain payment/trading capability (wallet + swap + transaction submission), so it grants direct financial execution authority.