solana-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to add and use the Solana MCP server (e.g., the command "claude mcp add --transport http solana-mcp-server https://mcp.solana.com/mcp" and the "Solana Documentation Search"/"Solana Expert" tools), which causes the agent to fetch and act on live third‑party documentation/expert content from a public URL that can influence its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to run a runtime install command that adds and uses an external MCP server (claude mcp add --transport http solana-mcp-server https://mcp.solana.com/mcp), which will fetch remote content that the agent will use to drive prompts/responses, so this URL is a runtime dependency that can control agent instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Solana development toolset: it covers wallet connection and signing flows, transaction building/sending/confirmation UX, creating tokens, deploying to devnet/mainnet, and uses client libraries (@solana/kit, RPC) for sending transactions and simulation. Those are crypto/blockchain operations (wallets, signing, sending on-chain transactions) — i.e., direct financial execution capability (even though it includes guardrails, the primary functionality includes building and sending transactions and token operations).