magicblock

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to call and act on responses from external REST APIs (notably the Private Payments API at https://payments.magicblock.app and its /v1/swap/quote proxy to Triton/Jupiter) and to deserialize/consume those responses (e.g., quoteResponse and transactionBase64) as part of its workflow, meaning untrusted public third‑party data can materially influence transactions and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes blockchain payment and fund-movement functionality tailored to Solana: "Private payments API (deposits, transfers, withdrawals, and swaps)", lamports top-up via lamportsDelegatedTransferIx, fee vault / delegated fee payer for commit sponsorship, and swap/private transfers. These are specific crypto/financial operations (wallet/top-up, transfers, swaps, fee management) rather than generic tooling, so it grants direct financial execution capability.