jupiter-token-verification

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The premium flow requires the user to produce a base64-signed transaction (and the example shows loading a local keypair), which the agent may need to accept and embed verbatim in the POST /payments/transfer/execute request—effectively handling sensitive signature/private-key-derived data in its output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly requires calling the public API GET https://token-verification-dev-api.jup.ag/verifications/token/:tokenId and reads fields like rejectReason, description, and twitterHandle (potentially user-provided/untrusted text) to decide whether to stop, resubmit, or proceed with payments, so third-party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements a crypto payment flow. It provides specific endpoints to craft a payment transaction (/payments/transfer/craft-txn) that returns a base64-encoded unsigned transaction and payment details (receiverAddress, mint, amount), and an execute endpoint (/payments/transfer/execute) that accepts a user-signed transaction and broadcasts it (returning a transaction signature). The flow is for paying 0.1 JUP and includes fields like senderAddress, transaction, requestId, amount, and server co-signing — i.e., it is expressly designed to move cryptocurrency funds. This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category of Direct Financial Execution.