pumpfun

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill routinely fetches and parses public, user-controlled on-chain data from Solana RPC endpoints (e.g., connection.getAccountInfo, getTokenAccountBalance, fetchPoolData and simulateTransaction calls, plus parseBondingCurve/parsePoolState functions) so the agent directly ingests untrusted third‑party content from the public blockchain.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Solana token/AMM integration guide and includes concrete, executable code for wallet/keypair usage, building and signing transactions, and sending them (sendRawTransaction). It provides functions to create tokens, buyTokens, sellTokens, swapOnPumpSwap, addLiquidity, removeLiquidity, migrateToAMM, and collectCreatorFee — all of which perform on-chain token transfers or withdraw funds. This is direct crypto/blockchain financial execution capability (wallets, signing, swaps, transfers), so it meets the criteria for Direct Financial Execution.