solana-kit

Warn

Audited by Snyk on Feb 25, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly creates RPC/WebSocket clients to public Solana endpoints (e.g., createSolanaRpc('https://api.devnet.solana.com') and createSolanaRpcSubscriptions('wss://...') in core-setup/core-rpc/core-rpc-subscriptions) and uses calls such as getAccountInfo, getTransaction, fetchLookupTables and decompileTransactionMessageFetchingLookupTables to fetch and decode untrusted on-chain or user-generated data. Because the agent is expected to read and act on that data (e.g., when planning, signing, or sending transactions), third-party content can materially influence its behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is an SDK specifically for Solana blockchain operations and explicitly exposes wallet/keypair management, signers, transaction construction, signing, and sending (e.g., "signers", "transactions", "sign", "send-and-confirm", RPC "send", "generateKeyPair", "wallet swap", "useSignAndSendTransaction"). These are concrete crypto/blockchain capabilities (creating, signing, and sending on-chain transactions, and managing wallets), which constitute direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 08:58 AM