light-token-client

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow explicitly instructs spawning a read-only subagent to Read/Glob/Grep example repositories and documentation (e.g., the GitHub example repos and zkcompression.com docs linked in "External references" and the "When stuck" step of SKILL.md), which means it will fetch and interpret untrusted public third-party content that can influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Solana token client SDK and cookbook that exposes concrete token-transfer and token-management operations (create mint, mint-to, transfer, transfer-checked, approve/revoke, burn, wrap/unwrap, freeze/thaw, close). It references client libraries and function names (e.g., createMintInterface, mintToInterface, transferInterface, Wrap/Unwrap, MintTo) and instructs use of RPC API keys and a Solana keypair (~/.config/solana/id.json) for signing transactions. These are specific crypto/blockchain capabilities intended to move and manage tokens on-chain, not generic tooling, so it provides direct financial execution authority.