solana-trader

Warn

Audited by Snyk on Feb 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill fetches and parses live, public blockchain and market data from open third-party endpoints (e.g., public Solana RPC like https://api.mainnet-beta.solana.com, Jupiter API at api.jup.ag, and Helius/Shyft transaction APIs), which return arbitrary on-chain/user-generated transaction content that the agent is expected to read and interpret (transaction history, quotes, and token metadata), creating a clear vector for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a cryptocurrency wallet and trading tool for Solana. It requires a wallet keypair and RPC/API keys, uses the Jupiter aggregator's quote and swap APIs, constructs swap transactions, signs and submits transactions, and includes commands to send SOL and SPL tokens. These are direct crypto financial operations (wallet management, swapping, and sending funds), not generic tooling. Therefore it grants Direct Financial Execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 14, 2026, 12:06 PM