orca

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's main code (index.ts) calls tokenlist.resolveTokenMints and multiple orca.* functions (e.g., listOrcaWhirlpoolPools, fetchOrcaPositionsForOwner, fetchOrcaWhirlpoolsByTokenPair) which ingest public on-chain/token-list data (third-party, user-controlled) and use it to build quotes and execute swaps/transactions, so untrusted content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill exposes explicit crypto trading commands on a Solana DEX, including a direct "swap" command ("Execute swap") which performs token trades. This is a specific financial execution capability (crypto swaps/DEX transactions), not a generic interface, and therefore constitutes direct financial execution authority.