mirage-private-transfer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow for mirage invoke explicitly fetches and consumes Anchor IDLs published on-chain or provided from public sources (e.g., a repo/GitHub), and the agent reads and interprets those untrusted IDLs to construct and sign transactions, so third-party content can directly change actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill can fetch Anchor IDLs at runtime via an RPC URL (e.g., https://api.mainnet-beta.solana.com passed with --rpc-url), and those fetched IDL files directly determine the instructions/accounts the CLI prompts for and uses to build/execute transactions, so the external URL controls agent-invoked behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides commands and workflows to create and manage wallets, fund wallets, construct, sign, and broadcast Solana transactions, and perform SPL token transfers (e.g., mirage transfer --to --amount, mirage fund, mirage ows sign tx). It also supports invoking Anchor programs and sending transactions on mainnet (mentions mainnet USDC, rpc-url, cluster, transaction signature reporting). These are specific, purpose-built financial operations (moving funds, signing and sending blockchain transactions, managing a treasury wallet), not generic tooling. Therefore it grants direct financial execution capability.