token-distribution

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (step 5) explicitly instructs spawning a read-only subagent that uses Read/Glob/Grep to load "skill references, example repos, and docs" — including public GitHub repos and external sites (e.g., github.com/Lightprotocol/examples-light-token, distributor repo links, airship.helius.dev, zkcompression.com) — so the agent will fetch and interpret untrusted third-party web content as part of its workflow, which can materially influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly designed for token distribution on Solana and includes concrete blockchain execution primitives: creating mints, minting tokens, building transactions (buildAndSignTx), and sending them (sendAndConfirmTx) via an RPC with a payer keypair. It references RPC keys (HELIUS_API_KEY) and signing with a payer private key and shows code sequences that will move tokens on-chain. These are specific crypto/blockchain execution capabilities (wallet signing and submitting transactions), so it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 06:31 PM