light-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs agents to fetch and parse live account data from public RPC/indexer providers (e.g., router.md's use of get_multiple_account_interfaces and references to Helius/Triton/Photon) and to post bundles to public endpoints (Jito), so the agent would consume untrusted third-party data that directly influences which load/send instructions it builds and executes.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Solana DeFi SDK: it includes token accounts, mints, CPI helpers (CreateTokenAccountCpi, CreateMints), client SDK / LightProgramInterface for router integration, and references to AMM/swap examples and router/aggregator integration. Those are concrete crypto/blockchain primitives used to create accounts, mint tokens, and integrate swaps/routers — i.e., on‑chain token operations. Even though it states it doesn't store secrets, the skill's primary domain is crypto/DeFi operations that enable moving assets on-chain, which matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion.