solana-skill

Warn

Audited by Snyk on Feb 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill directly fetches and consumes public third-party content from Helius (e.g., getAssetsByOwner and enhanced transactions via https://mainnet.helius-rpc.com and https://api.helius.xyz) and Jupiter (https://api.jup.ag/*) — including token lists, swap quotes, balances and transaction history — which the agent reads and acts on, exposing it to untrusted/user-generated blockchain and marketplace data.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed for cryptocurrency financial operations. It provides wallet creation/import (private keys/seed phrases), key storage, balance checks, and—critically—transaction capabilities: sending SOL, sending SPL tokens, and executing token swaps via Jupiter (including endpoints and example code to build, sign, and send transactions). It references Helius RPC/sender endpoints and Jupiter swap APIs. These are specific crypto/blockchain transaction tools (wallet management, signing, and sending transactions), so it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM

Analyzed: Feb 14, 2026, 12:06 PM