quicknode

Warn

Audited by Snyk on Mar 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to fetch and act on data from open/public Quicknode/x402 RPC endpoints and Marketplace add-ons (e.g., POSTs to https://x402.quicknode.com/{network}, process.env.QUICKNODE_RPC_URL, qn_fetchNFTs, Metis/Jupiter swap endpoints), which are untrusted/third-party user-generated sources (NFT metadata, marketplace data, quotes). The agent is expected to read/interpret those responses and use them to drive actions like swap execution, allowing indirect prompt-like inputs to influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly exposes blockchain transaction/swap capabilities. It documents x402 wallet-based access that uses an evmPrivateKey (implying signing/payment), and the Quicknode Marketplace add-ons include a Metis Solana Trading API with endpoints to get quotes and execute swaps ("quoteGet" and "swapPost"). Those are specific crypto execution functions (transaction/signing and token swaps), which constitute direct financial execution authority.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 05:28 PM
Issues: 2