quicknode-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (SKILL.md and references/ipfs-reference.md, marketplace-addons.md and Solana DAS examples) explicitly instructs fetching and parsing untrusted, user-generated content—e.g., NFT metadata via qn_fetchNFTs/getAssetsByOwner and retrieving arbitrary files via the IPFS gateway—and processing that data in Streams filter functions and SDK-driven logic, so third-party content can directly influence decisions and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes blockchain payment and execution capabilities. It includes:
• Swap execution via the Metis/Jupiter Swap API (quote + swapPost) — a concrete API for token swaps.
• x402 and MPP pay-per-request flows that require creating a wallet client/private key (privateKeyToAccount, createWalletClient, wrapFetch) and perform on-chain payments (stablecoin payments/402 challenges) automatically.
• Hyperliquid/HyperCore Info APIs and stream types covering orders, trades, deposits, withdrawals, and "writer actions" (system-level token transfers) — explicit market/order and transfer primitives.
• References to account-based auth (SIWE), credit drawdown, and payment receipts.

These are specific, named tools/APIs for crypto wallet usage, signing, swaps, payments, market orders and token transfers — i.e., direct financial execution authority.