solana-pay

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill queries public Solana RPC endpoints (e.g., the Verify Payment by Reference and polling examples defaulting to https://api.mainnet-beta.solana.com) and reads/parses on-chain transaction data (including memos/messages and transaction JSON), which is user-generated public content the agent is expected to interpret as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Solana payments integration: it builds Solana Pay payment URLs and QR codes, references specific SPL token mint addresses, requires a merchant wallet keypair (SOLANA_KEYPAIR_PATH), and includes concrete code that constructs blockchain transfer transactions (SystemProgram.transfer), serializes transactions for signing, and provides server endpoints to return transactions for wallets. These are not generic utilities — they are specifically designed to move crypto funds (create/send/verify on-chain payments and use merchant keys). Therefore it grants direct financial execution capability.