trading-solana

Warn

Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's runtime (index.ts and SKILL.md) explicitly queries public third-party sources, e.g. tokenlist.resolveTokenMints/getTokenList, pools.listAllPools/selectBestPool, jupiter.executeJupiterSwap, the raydium/orca/meteora quote APIs and PumpPortal, and then uses those untrusted on-chain/DEX/API responses (quotes, pool selections, token resolutions) to choose routes and execute trades. External content can therefore materially influence agent decisions: a manipulated, or merely unexpected, response can decide which mint is traded, through which venue and at what rate, unless the skill checks each response against operator-held expectations (an allowlist of mints, a slippage bound, an independent reference price) before anything is signed.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain financial operations on Solana. It requires a SOLANA_PRIVATE_KEY and provides wallet utilities (loadSolanaKeypair, signAndSendTransaction) and numerous direct-execution functions: executeJupiterSwap, createJupiterLimitOrder/cancel/list, createJupiterDCA/close/list, executeRaydiumSwap, executeOrcaWhirlpoolSwap, executeMeteoraDlmmSwap, executePumpFunTrade (buy/sell), plus liquidity/LP management and order creation. These are concrete APIs to send transactions, swap tokens, place/cancel orders and move funds on-chain, not generic tooling, so the skill grants direct financial execution authority. Whatever drives the skill's inputs, including the third-party content flagged under W011, can spend from that key up to whatever limits the operator enforces in front of signAndSendTransaction.
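The two findings above meet at one point: an untrusted quote or pool selection (W011) is the input to a function that signs with the operator's key (W009). The gate below is an added example, written for this page and not code from the trading-solana skill or from Snyk's audit. It checks a quote against an operator-held intent, an allowlist and spend caps before signing would proceed. The Quote shape and its field names are an assumed, simplified aggregator response rather than any vendor's schema; the reference rate is assumed to come from a price source independent of the venue that produced the quote; the two mint addresses are the well-known mainnet USDC and wrapped SOL mints and all other sample data is constructed.

```typescript
// Added example, not code from the trading-solana skill or its audit.
// Pre-signing policy gate: the DEX/aggregator quote is untrusted input and is
// checked against an operator-controlled intent and policy before signing.
// ASSUMPTION: Quote is a simplified, illustrative aggregator response shape.

interface Quote {
  inputMint: string;
  outputMint: string;
  inAmount: string;        // base units of inputMint, decimal string
  outAmount: string;       // quoted base units of outputMint, decimal string
  slippageBps: number;
  priceImpactPct: string;  // percent as a decimal string, e.g. "0.08"
  routePlan: { ammKey: string }[];
}

interface TradeIntent {
  inputMint: string;         // chosen by the operator, never from a token-list lookup
  outputMint: string;
  amount: bigint;            // base units of inputMint
  referenceOutPerIn: number; // base-unit rate from an independent price source (assumed)
}

interface TradePolicy {
  allowedMints: ReadonlySet<string>;
  maxSlippageBps: number;
  maxPriceImpactPct: number;
  maxReferenceDeviationPct: number; // how far below the reference rate a quote may sit
  maxTradeBaseUnits: bigint;
  dailyCapBaseUnits: bigint;
}

interface SpendLedger { spentToday: bigint }

type Verdict = { ok: true } | { ok: false; reasons: string[] };

// Amounts arrive as strings from the API; accept only plain non-negative integers.
function parseBaseUnits(s: string): bigint | null {
  return /^\d+$/.test(s) ? BigInt(s) : null;
}

function checkQuote(intent: TradeIntent, quote: Quote, policy: TradePolicy, ledger: SpendLedger): Verdict {
  const reasons: string[] = [];

  // 1. The quote must describe exactly the trade the operator intended.
  if (quote.inputMint !== intent.inputMint) reasons.push(`inputMint mismatch: ${quote.inputMint}`);
  if (quote.outputMint !== intent.outputMint) reasons.push(`outputMint mismatch: ${quote.outputMint}`);
  const inAmount = parseBaseUnits(quote.inAmount);
  if (inAmount === null || inAmount !== intent.amount) reasons.push(`inAmount ${quote.inAmount} != intended ${intent.amount}`);

  // 2. Only allowlisted mints, whatever a third-party token list resolved.
  for (const mint of [intent.inputMint, intent.outputMint]) {
    if (!policy.allowedMints.has(mint)) reasons.push(`mint not allowlisted: ${mint}`);
  }

  // 3. Execution parameters inside policy bounds.
  if (!Number.isInteger(quote.slippageBps) || quote.slippageBps < 0 || quote.slippageBps > policy.maxSlippageBps) {
    reasons.push(`slippageBps ${quote.slippageBps} exceeds ${policy.maxSlippageBps}`);
  }
  const impact = Number(quote.priceImpactPct);
  if (!Number.isFinite(impact) || impact > policy.maxPriceImpactPct) reasons.push(`priceImpactPct ${quote.priceImpactPct} exceeds limit`);
  if (quote.routePlan.length === 0) reasons.push("empty routePlan");

  // 4. Spend limits: positive amount, per-trade cap, cumulative daily cap.
  if (intent.amount <= BigInt(0)) reasons.push("amount must be positive");
  if (intent.amount > policy.maxTradeBaseUnits) reasons.push(`amount ${intent.amount} exceeds per-trade cap`);
  if (ledger.spentToday + intent.amount > policy.dailyCapBaseUnits) reasons.push("daily spend cap would be exceeded");

  // 5. The quoted rate must not fall too far below the independent reference rate.
  const outAmount = parseBaseUnits(quote.outAmount);
  if (outAmount === null || intent.amount <= BigInt(0) || !(intent.referenceOutPerIn > 0)) {
    reasons.push("cannot compare quote to reference rate");
  } else {
    const quotedRate = Number(outAmount) / Number(intent.amount);
    const deviationPct = ((intent.referenceOutPerIn - quotedRate) / intent.referenceOutPerIn) * 100;
    if (deviationPct > policy.maxReferenceDeviationPct) reasons.push(`quote ${deviationPct.toFixed(2)}% below reference rate`);
  }

  return reasons.length === 0 ? { ok: true } : { ok: false, reasons };
}

// Call only after the transaction was actually sent, so denied trades consume no budget.
function commitSpend(ledger: SpendLedger, amount: bigint): void {
  ledger.spentToday += amount;
}

// Constructed sample data. The mints are the well-known mainnet USDC and wrapped SOL
// mints; the policy, intent and quotes are made up for this example.
const USDC = "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v";
const WSOL = "So11111111111111111111111111111111111111112";

const POLICY: TradePolicy = {
  allowedMints: new Set([USDC, WSOL]),
  maxSlippageBps: 50,
  maxPriceImpactPct: 1.0,
  maxReferenceDeviationPct: 2.0,
  maxTradeBaseUnits: BigInt("1000000000"), // 1,000 USDC (6 decimals)
  dailyCapBaseUnits: BigInt("5000000000"), // 5,000 USDC
};

// 100 USDC -> wSOL; reference rate 5 lamports per USDC base unit (0.005 SOL per USDC).
const INTENT: TradeIntent = { inputMint: USDC, outputMint: WSOL, amount: BigInt("100000000"), referenceOutPerIn: 5 };

const GOOD_QUOTE: Quote = {
  inputMint: USDC, outputMint: WSOL, inAmount: "100000000", outAmount: "498000000",
  slippageBps: 50, priceImpactPct: "0.08", routePlan: [{ ammKey: "constructed-amm-1" }],
};

// A poisoned response: look-alike output mint, 30% worse rate, 5% slippage.
const TAMPERED_QUOTE: Quote = {
  ...GOOD_QUOTE, outputMint: "LookAlikeMint1111111111111111111111111111111", outAmount: "350000000", slippageBps: 500,
};
```

checkQuote(INTENT, GOOD_QUOTE, POLICY, ledger) passes; the tampered quote is refused for the mint mismatch, the slippage and the rate deviation at once, and a ledger already at 4,950 USDC refuses even the good quote on the daily cap. The deciding inputs (intent mints, caps, reference rate) never come from the response being checked, which is the property that makes the gate meaningful against W011.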
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 08:53 PM