magicblock

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's TypeScript clients and templates explicitly connect to public RPC endpoints (https://api.devnet.solana.com, https://devnet.magicblock.app, https://devnet-router.magicblock.app) and use Connection.getAccountInfo, onAccountChange, onLogs, and program.account.fetch to read and decode arbitrary on-chain account data (public, user-controlled) as part of normal workflows, which is untrusted third-party content the agent ingests and interprets.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for interacting with the Solana blockchain (MagicBlock Ephemeral Rollups). It includes API/SDK calls and code examples that perform blockchain operations: creating accounts, delegating account ownership, committing state, undelegating, and sending transactions via Anchor/ephemeral_rollups_sdk and web3.js (e.g., delegate_account/commit_accounts, AnchorProvider, Connection, wallet.publicKey, requestRandomness). These are specific crypto/blockchain transaction functions (wallet usage, transaction submission, account transfers), so the skill grants direct financial execution capability.