solana-compression


Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and consume data from public RPC providers (e.g., createRpc to https://mainnet.helius-rpc.com and calls like rpc.getValidityProofV0 / rpc.getCompressedAccount in references/client.md and the SKILL.md workflow) and uses those untrusted third-party responses to build proofs, accounts, and transaction instructions that directly affect subsequent tool use and program behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly for Solana blockchain program/client development and lists operations that create, update, close, burn, reinitialize compressed accounts and includes transaction flow steps ("Build Instruction", "Send transaction"). It references decompression to SPL tokens on claim (airdrop claim/merkle-distributor), and requires a payer keypair (~/.config/solana/id.json) and RPC API keys — all explicit crypto/blockchain transaction capabilities (signing/sending token transfers and account state changes). This is a specific crypto/blockchain execution tool, not a generic interface, so it grants direct financial execution capability.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 06:31 PM