openserv-launch

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The agent fetches and displays user-provided token data from the public OpenServ API at https://instant-launch.openserv.ai (e.g., GET /api/tokens, GET /api/tokens/:address and POST /api/launch), including names, descriptions, website/Twitter links and image URLs supplied by arbitrary creators, which the agent reads and returns as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform blockchain financial actions: it exposes an API (/api/launch) that deploys ERC‑20 tokens, creates Aerodrome concentrated liquidity pools, locks LP, and performs an initial buy. The example capability posts to the launch endpoint with a creator wallet and returns transaction hashes (tokenDeploy, lpMint, lock, buy). This is a specific crypto/blockchain execution tool that initiates on‑chain transactions and therefore grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:34 PM