inco-svm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill clearly reads public on-chain account data and covalidator responses (e.g., examples/confidential-spl-token/reveal-balance.ts uses connection.getAccountInfo/getProgramAccounts and calls @inco/solana-sdk/attested-decrypt), and those decrypted plaintexts and Ed25519 instructions are then used to build/submit transactions and on-chain verification, so untrusted third‑party content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Solana confidential-compute SDK and program for handling encrypted token balances and confidential SPL tokens. It defines and documents on-chain and client-side APIs for minting, transferring, approving, and otherwise manipulating tokens (e.g., initialize_mint, create_account, mint_to, transfer, approve), example client calls that perform transfers, and integration with wallets/signatures. These are direct crypto/blockchain financial operations (token transfers and minting), so it provides direct financial execution capability.