pnp-markets-solana

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and acts on untrusted public content (tweets, YouTube links, DeFiLlama metrics and other external "resolution_sources") — e.g., SKILL.md and references/api-reference.md describe createMarketTwitter/createMarketYoutube/createMarketDefiLlama and the proxy-assisted flow using fetchSettlementCriteria / fetchSettlementData / waitForSettlementCriteria (and a proxy server AI resolution) whose suggested answer is then used to call settleMarket or setMarketResolvable, so third‑party content can directly influence on‑chain actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides wallet-based on-chain financial operations on Solana: it requires a private key / agent wallet, uses USDC/SPL tokens as collateral, and exposes write methods that send transactions and move funds (e.g., market.createMarket, createMarketWithCustomOracle, trading.buyTokensUsdc, trading.sellTokensBase, buyV3TokensUsdc, settleMarket, redeemPosition, createP2PMarketGeneral). These are concrete crypto transaction primitives (wallet signing, token transfers, locking/unlocking collateral, settling/redemption) — not generic tools — so it grants direct financial execution authority.