svm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires calling Helius MCP tools (fetchHeliusBlog, searchSolanaDocs, getSIMD, readSolanaSourceFile) to fetch live public Helius blog posts, Solana docs/SIMDs, and GitHub source files and instructs the agent to read and synthesize that content as part of its workflow, exposing it to untrusted third‑party material that can materially influence answers and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires Helius MCP tools to fetch live content at runtime (e.g., blog pages under https://helius.dev/blog/ and GitHub paths such as https://github.com/solana-program/token-2022), and that fetched content is injected into the agent's context to drive answers, so these external URLs are runtime dependencies that directly control the agent's prompts/responses.