build

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly instructs configuring and using API keys (e.g., "Use setHeliusApiKey with their key" and SDK examples with apiKey fields), which can require the agent to accept and embed user API keys verbatim in tool calls or generated code, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly ingests untrusted third‑party content — e.g., off‑chain NFT metadata from Arweave/IPFS via references/das.md, parsed transaction/webhook payloads via references/webhooks.md, and public docs/blogs referenced in SKILL.md — and requires the agent to read and act on those results (wallet investigation, event routing, transaction decisions), so external user-generated content can materially influence tool use and next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides and instructs use of transaction-sending and token-transfer functionality on Solana: it documents Sender endpoints, MCP tools like transferSol and transferToken, swap APIs (DFlow, Jupiter, Titan), and rules that “ALWAYS use Helius Sender endpoints for transaction submission.” It also describes agentic signup and funding flows that require on-chain payments (fund wallet with SOL/USDC) and billing/payment actions (payRenewal, upgradePlan, agenticSignup). These are specific, built-in financial execution primitives (sending transactions, transferring tokens, performing swaps, and on-chain payments), not generic tooling. Therefore it grants Direct Financial Execution Authority.