helius-dflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to consume live market and metadata from public third‑party endpoints — e.g., DFlow WebSockets (references/dflow-websockets.md), DFlow REST metadata/trade APIs (references/dflow-spot-trading.md, references/dflow-prediction-markets.md) and Helius DAS which includes off‑chain Arweave/IPFS metadata (references/helius-das.md) — and to use those feeds to drive trading decisions and transaction submissions, which clearly exposes the agent to untrusted third‑party content that can influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for on-chain financial operations on Solana: it describes spot token swaps, prediction-market trades, trading bots/HFT, and repeatedly mandates submitting transactions and orders via specific endpoints. It names concrete execution tools/APIs (DFlow Trade/API and DFlow /order, Helius Sender for transaction submission, priority fee APIs like getPriorityFeeEstimate, LaserStream for low-latency trading) and gives detailed rules for sending transactions (skipPreflight, Jito tip, ComputeBudgetProgram, always use Sender). These are specific payment/execution capabilities intended to move assets on-chain (execute trades, submit transactions), not generic tooling. Therefore it grants Direct Financial Execution authority.