solana-analysis

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs using a fixed API key and shows it embedded in every command (e.g., --api-key sol-xxxxxxxx), forcing the LLM to include the secret verbatim in generated CLI calls, which is insecure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts/call-mcp.ts issues HTTP POSTs to a public MCP server (recommended URL https://solmcp.daog1.workers.dev) and consumes/prints the server's JSON "result" payload—i.e., it fetches and interprets arbitrary third-party MCP/tool outputs (public blockchain/transaction/account data), which are untrusted user-generated content.