helius

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests and acts on untrusted, public third-party content — e.g., SKILL.md and examples/webhooks/README.md show creating webhooks and processing webhook payloads from arbitrary on-chain events, and examples/fetch-nfts and resources/das-api.md show fetching NFT metadata (json_uri, Arweave/IPFS URIs) and parsing those external resources to drive alerts and actions (e.g., handleNFTSale, Discord alerts), which can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a specialized SDK for Solana with explicit transaction- and funds-related APIs. It includes methods to build/sign/send transactions (helius.tx.sendSmartTransaction, send-optimized transaction examples), staking operations (createStakeTransaction, createUnstakeTransaction), and priority-fee/transaction signing helpers. These are specific crypto/blockchain execution capabilities that can move funds on-chain (sign/send transactions and manage stakes), so it grants direct financial execution authority.