light-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly ingests public, untrusted third‑party content via ZK‑compression RPC calls (e.g., createRpc(...) pointing to https://*.helius-rpc.com) and repeatedly uses methods like getCompressedTokenAccountsByOwner and getTransactionWithCompressionInfo to fetch and interpret on‑chain/indexer data (and also links to public GitHub/Discord resources), so the agent will read user-generated/public content as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a Solana token protocol SDK and guide. It provides concrete APIs and example code for creating mints, minting tokens, transferring tokens, compressing/decompressing tokens, creating token pools, wrapping/unwrapping tokens, approving delegates and delegated transfers, and RPC methods that submit transactions (e.g., createMint, mintTo, transfer, transferDelegated, createLightMint, wrapSpl, decompress). Those are direct crypto financial actions (minting/transferring tokens and submitting signed transactions), not generic tooling. Therefore it grants Direct Financial Execution capability.