integrating-jupiter

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's "Fresh Context Policy" explicitly requires fetching external documentation from dev.jup.ag at runtime (e.g., https://dev.jup.ag/docs/llms.txt and specific refs like https://dev.jup.ag/docs/swap/v2/order-and-execute.md), and those fetched docs are treated as authoritative guidance that can directly override/control the agent's instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built for DeFi/crypto financial operations on Solana. It documents endpoints and flows that create, sign, and execute on-chain/value-moving transactions (e.g., Swap: GET /swap/v2/order -> sign -> POST /swap/v2/execute; Lend: POST /earn/deposit; Trigger: POST /orders/price with depositSignedTx; Recurring: POST /createOrder -> sign -> POST /execute; Send: POST /craft-send; Prediction markets: POST /orders). The quickstart includes a signAndSend helper that deserializes, signs, and sends VersionedTransaction to the RPC, and many playbooks describe creating and executing transactions that move tokens. These are specific, purpose-built APIs to initiate and complete monetary transfers/trades, so the skill grants direct financial execution capability.