helius

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes concrete examples that embed API keys and Bearer tokens directly in URLs, headers, and code (e.g., ?api-key=YOUR_API_KEY, 'Authorization': Bearer ${API_KEY}, apiKey: 'YOUR_API_KEY'), which requires the agent to insert secret values verbatim into outputs/commands and thus poses direct exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill makes runtime requests to Helius public RPC/DAS APIs (e.g., getAsset, getAssetsByOwner, getAssetsByCreator and enhanced transaction methods) and ingests NFT/token metadata and transaction payloads from public blockchain sources (user-generated/untrusted metadata and external URIs), which the agent is expected to read and interpret as part of its workflows.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is an explicit Solana RPC/API integration (Helius) and includes RPC methods and example code that perform blockchain actions: getBalance, getAssetsByOwner, simulateTransaction, getPriorityFeeEstimate, and critically sendTransaction. It directly exposes functionality to construct and submit on-chain transactions (i.e., move crypto) and to query/manage wallet-related data. This is a specific crypto/blockchain execution capability, not a generic tool, so it grants Direct Financial Execution authority.