zk-nullifier
Warn
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to call external RPCs (for example rpc.getValidityProofV0 / rpc.get_validity_proof and rpc.get_address_tree_v2, in the Client Implementation and Workflow sections) to fetch public on-chain and address-tree proofs, which the agent must then read and use to build instructions. Because those RPC responses are untrusted third-party content that flows directly into the agent's actions, a malicious or compromised endpoint can materially influence what the agent does (indirect prompt injection).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exists specifically to build and invoke a ZK Solana program that creates nullifier accounts on-chain. It contains concrete blockchain transaction logic (the program entry point create_nullifier, the create_nullifiers function, a CPI into the Light system program, and signer accounts), client code that builds and submits instructions (program.methods.createNullifier... .accounts({ signer: ... })), and details of the lamport cost per nullifier. This is specific crypto/blockchain transaction functionality (creating on-chain accounts and state, invoking RPCs) rather than a generic tool, so the skill grants the agent direct crypto execution capability.
Audit Metadata