payments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow (steps 2 and 5) requires the agent to locate and spawn a read-only subagent to read skill references, example repos and external docs (e.g., GitHub example repos and zkcompression.com docs), which means it will fetch and interpret public third‑party content that can influence decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payments SDK for Light Token on Solana and contains direct, specific functions and workflows to move value: e.g., transferInterface / createTransferInterfaceInstructions, batch-payments (batch-send), basic-send actions, createMint, wrap/unwrap, spend-permissions (delegate-approve / delegate-transfer), receive/send flows, and wallet signing integrations (Privy, Wallet Adapter) that enable signing transmissions. It documents payment flows, transaction instructions, and gasless sponsoring of fees, and references credentials/secrets for signing services. This is not a generic toolset — its primary, explicit purpose is to send and manage tokens (financial operations), so it grants Direct Financial Execution capability.