kamino
Warn
Audited by Snyk on Apr 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly loads and acts on live public third‑party data (e.g., SKILL.md and examples create a Connection to https://api.mainnet-beta.solana.com and call scope.getPrice / getOraclePrices which aggregate Pyth/Switchboard/TWAP/CLMM prices, and kamino.getStrategies/getStrategyByAddress), and that external oracle/RPC data is used in decision logic (health checks, borrow/repay, leverage, and obligation orders), so untrusted third‑party content can materially influence agent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a DeFi SDK for Solana (Kamino) and includes concrete APIs and code examples that build, sign, and submit blockchain transactions to move funds. Examples show using Keypair wallets and functions such as KaminoAction.buildDepositTxns, buildBorrowTxns, buildRepayTxns, buildWithdrawTxns, buildLiquidateTxns, getLeverageDepositIxns/getLeverageWithdrawIxns, createLtvBasedOrder/createPriceBasedOrder, kamino.deposit/withdraw, and direct calls to sendAndConfirmTransaction / VersionedTransaction. These are wallet-based crypto transaction operations (signing and sending on Solana) and therefore constitute direct financial execution (crypto/blockchain wallet actions and asset transfers).
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata