helius

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and parses untrusted public content — e.g., off-chain Arweave/IPFS metadata returned by the DAS API (references/das.md) and live, user-originated transaction/webhook streams via WebSockets/LaserStream/Webhooks (references/webhooks.md, references/websockets.md, references/laserstream.md) — and the workflow explicitly instructs the agent to read and route/act on those events (e.g., "Route by event.type"), so third-party content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides blockchain transaction-sending and swap capabilities: it documents Sender endpoints and rules for submitting transactions, references MCP tools like transferSol and transferToken, lists swap APIs (DFlow, Jupiter, Titan), and requires wallet generation/funding for agentic signup and payments. These are specific crypto/blockchain financial operations (sending tokens, swaps, signing transactions), not generic tooling, so it grants direct financial execution authority.