mirage-solana-wallet

Warn

Audited by Snyk on May 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly fetches and interprets on-chain Anchor IDLs and external swap quotes (e.g., via "mirage invoke" which "fetches the IDL" and the GET to https://payments.magicblock.app/v1/swap/quote), both of which are public, third-party content that the agent uses to decide which instructions/accounts/transactions to run, so untrusted content can directly influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly and primarily a Solana wallet/operator: it defines commands to create/resolve wallets, fund them, check balances, execute SPL transfers (public or private), execute swaps (quote + execute via mirage swap), invoke Anchor programs (build+sign+send instructions), and sign/send raw transactions via mirage ows sign tx. Those are crypto/blockchain actions that move assets and sign transactions — not generic tooling. Therefore it grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 6, 2026, 02:45 PM
  • Issues: 2