rpc-selection-and-resilience

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs reading and interpreting data from public RPC endpoints and WebSocket streams (e.g., RPC_READ_PRIMARY / RPC_READ_FALLBACK / RPC_WS) and names third‑party providers like Alchemy/Helius/QuickNode, so it consumes untrusted, user-generated blockchain data from open public sources as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about Solana RPC endpoints and how to configure/read/write via those RPCs. It defines RPC_WRITE endpoints, references submitting/writing transactions (priority fees, preflight, blockhash refresh, ALTs for txs), specific RPC methods (getLatestBlockhash, getMultipleAccounts, getProgramAccounts) and retry/failover behavior for transaction submission. These are concrete, blockchain-focused capabilities that directly enable on-chain transaction execution (moving crypto). This meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:58 AM