solana

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's references (see references/features-actions-blinks.md) describe clients fetching and introspecting arbitrary Action/Blink URLs (GET/POST to third-party Action APIs served on public domains) which return signable transactions/metadata that clients are expected to process and may drive signing/submission behavior, exposing the agent to untrusted third‑party content that could carry indirect prompt-injection instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about Solana blockchain operations that enable moving value: it documents building and sending transactions, signing (including offline signing), RPC methods for balances and sending, SPL token mint/transfer/approve/burn, cookbook recipes like "Send SOL", and Payments & Solana Pay (payment URLs, send/accept). These are specific crypto/wallet/transaction capabilities (including signing and sending), so the skill provides direct financial execution functionality.