marginfi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's examples and workflow explicitly connect to public Solana RPC endpoints (e.g., https://api.mainnet-beta.solana.com in SKILL.md and the example scripts) and use MarginfiClient.fetch, account.reload and oracle/bank reads (Pyth/Switchboard) so the agent ingests untrusted, public on-chain and oracle data which directly influences health calculations and automated borrow/withdraw/flash-loan actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated SDK for Marginfi, a Solana lending protocol, and it explicitly exposes functions and classes to perform on-chain financial actions: creating accounts, depositing collateral, borrowing assets, repaying debt, withdrawing collateral, executing flash loans, looping (leveraged deposits/borrows), and building/sending transaction instructions. It also uses wallet keypairs/NodeWallet and returns transaction signatures. These are specific crypto/blockchain financial execution capabilities (wallet signing and asset transfers), not generic tooling.