js-stellar-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's examples and APIs explicitly fetch and consume data from public Stellar endpoints and third-party domains (e.g., Horizon/RPC servers like "https://horizon-testnet.stellar.org" and "https://soroban-testnet.stellar.org", Federation.Server.resolve and StellarToml.Resolver.resolve, streaming .payments()/.transactions(), and rpcServer.getEvents()), which return public, user-generated/untrusted blockchain data that the agent is expected to read and interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Stellar blockchain SDK guide that shows how to create keypairs, build, sign, and submit payment transactions (TransactionBuilder, Operation.payment, tx.sign(keypair), server.submitTransaction). It also covers creating accounts, issuing assets, managing trustlines, DEX trading, multisig, fee-bump transactions, and interacting with smart contracts — all of which are specific crypto/blockchain financial operations capable of moving value. This is a specific financial execution tool, not a generic interface, so it grants direct financial execution capability.