meteora

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly queries public Solana data and token metadata (e.g., tokenlist.resolveTokenMints / tokenlist.getTokenList and meteora.listMeteoraDlmmPools / other meteora.* calls in index.ts) which ingest untrusted, user-generated on-chain/public token-list information that the agent reads and uses to form quotes, choose pools, and execute transactions—so third‑party content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto trading/tooling integration for Solana (Dynamic Liquidity Market Maker). It exposes a "/met swap to " command with the action "Execute swap", which is a specific capability to move funds/perform on-chain token swaps. This meets the crypto/blockchain (wallets/swaps/signing) criterion for Direct Financial Execution.