metaplex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and displays untrusted, user-generated NFT metadata and assets from public sources (e.g., Arweave URLs like "https://arweave.net/...", the irys uploader endpoints, and DAS-compatible RPC providers such as via umi.rpc.getAsset / getAssetsByOwner / getAssetsByGroup and getAssetWithProof), so the agent will read and interpret arbitrary third‑party content that could contain injected instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes — this skill explicitly exposes blockchain transaction and payment functions. The Metaplex guide includes concrete APIs and code to create/sign/send transactions that move value: minting with solPayment and tokenPayment guards, deposit/claim in Genesis (deposit SOL), mpl-hybrid swapNftToToken/swapTokenToNft, createEscrow, mintV1 (which charges SOL or tokens), transfer/burn, and usage of signers/wallet adapters (createSigner, keypairIdentity, createSignerFromKeypair) with .sendAndConfirm(umi) calls. These are specific crypto/blockchain operations (wallets, swaps, signing, sending payments) — i.e., direct financial execution capability.