debridge

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill clearly reads and acts on public, untrusted on-chain and user-provided data. For example, the TypeScript client calls connection.getAccountInfo(bridge) and program.methods.view()/getLatestBlockhash to fetch on-chain accounts, and the Rust/TS message and external-call paths accept and process arbitrary external_call_data and submission_account claim data (docs/examples: deriveDeBridgeAccounts, sendMessage, init_external_call, and claim validation). That data is public or user-generated and is used directly in the workflow, which is the condition for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a dedicated SDK for deBridge cross-chain transfers and explicitly provides functions and APIs that move tokens and value: for example, debridge_sending::invoke_debridge_send and invoke_debridge_send_signed (PDA-signed transfers), send_tokens, send_with_asset_fee, send_exact_amount, get_chain_native_fix_fee, add_all_fees, and TypeScript client code that builds and submits send transactions. It also describes bridging assets between Solana and EVM chains, the available fee payment methods, and executing external smart-contract calls on destination chains. These are specific crypto/blockchain financial execution operations (wallet, transfer, bridging), not generic utilities.

Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 09:34 PM