pnp-markets-solana
Warn
Audited by Snyk on May 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL explicitly ingests public third-party content (tweet/youtube URLs and DeFiLlama metrics via createMarketTwitter/createMarketYoutube/createMarketDefiLlama) and polls/fetches AI settlement data (fetchSettlementCriteria, fetchSettlementData, waitForSettlementCriteria and the "proxy-assisted" settlement flow in SKILL.md). The agent reads that data and then uses it to call settleMarket, so untrusted external content can directly influence agent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). Yes: this skill explicitly grants direct crypto financial execution authority. It is a Solana prediction-market SDK that requires a private key / wallet and an RPC endpoint, and it exposes methods that create on-chain markets, place trades (buy/sell outcome tokens), create P2P bets, settle markets (oracle signing), and redeem winnings. Examples and methods include market.createMarket, createMarketWithCustomOracle (agent wallet as settler), trading.buyTokensUsdc, trading.sellTokensBase, buyV3TokensUsdc, createP2PMarketGeneral, setMarketResolvable, settleMarket, redeemPosition, and scripts that require PRIVATE_KEY and return transaction signatures. These are concrete blockchain transaction operations (signing and sending transfers/orders), i.e. direct crypto/blockchain execution capability.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata