raydium

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's handlers (e.g., calls to tokenlist.resolveTokenMints, tokenlist.getTokenList, raydium.listRaydiumPools/listRaydiumPoolsSdk, raydium.getRaydiumQuote/getRaydiumPoolInfoSdk) fetch public on-chain and token-list data (SOLANA_RPC_URL defaults to https://api.mainnet-beta.solana.com), and the agent reads and acts on that external data when deciding and executing swaps, pool operations, and position management, so untrusted third-party content can materially influence those actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Raydium DEX integration for Solana and includes commands and APIs that execute transactions directly: swap execution ("/ray swap", raydium_swap, executeRaydiumSwap), CLMM and AMM position creation and management (create/increase/decrease/close positions, add/remove liquidity), CLMM swaps, and reward harvesting. The TypeScript API requires a keypair and a connection, and the environment exposes SOLANA_PRIVATE_KEY and SOLANA_RPC_URL, so the skill can sign and send blockchain transactions. These are specific crypto financial operations (wallet signing, swaps, liquidity management) intended to move funds, so the skill grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 08:53 PM