integrating-jupiter
Warn
Audited by Snyk on Mar 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's "Fresh Context Policy" and playbooks explicitly require fetching and using external public docs and OpenAPI specs (e.g., https://dev.jup.ag and https://api.jup.ag/openapi-spec/...) as the source of truth before executing flows, so the agent will ingest untrusted third‑party web content and let it influence API calls and decision logic.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill's Fresh Context Policy explicitly requires fetching external documentation and OpenAPI specs at runtime (e.g., https://dev.jup.ag/openapi-spec/ultra/ultra.yaml), meaning those fetched docs would directly control the agent's prompts/instructions and are relied on as required runtime dependencies.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly documents APIs and flows that perform on-chain financial actions: swap/order execute endpoints (Ultra Swap /execute), limit/recurring order create+execute (/trigger/v1/createOrder -> sign -> /execute, /recurring/v1/createOrder -> sign -> /execute), lending deposit/withdraw endpoints returning base64 unsigned VersionedTransaction, prediction market /orders (POST), and Send endpoints (/craft-send -> sign -> send to RPC). It also includes a signAndSend helper that deserializes, signs with a wallet Keypair, and sends raw Solana transactions. These are concrete crypto/blockchain transaction and funds-movement capabilities (signing and submitting transactions), not generic helpers—therefore the skill grants direct financial execution authority.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).