metaplex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires fetching and consuming external, user-provided content — for example, Bubblegum operations fetch Merkle proofs via the DAS API (references/sdk-bubblegum.md / references/cli-bubblegum.md) and many CLI workflows upload/read metadata URIs hosted on Irys/arweave (gateway.irys.xyz, arweave.net) which the agent must read and use to perform transfers/creates/updates.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for blockchain token and NFT operations on Solana — not a generic tool. It lists CLI/SDK actions that create and transfer fungible tokens and NFTs, check SOL balance/airdrop, run Candy Machine drops, and run Genesis "launch" commands (e.g., genesis launch create / createAndRegisterLaunch) which handle deposits and fund flows. These are direct crypto/financial actions (creating tokens, transferring assets, initiating launches/deposits) and therefore constitute direct financial execution capability.