metaplex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime code and documentation explicitly call the DAS API (e.g., umi.rpc.getAsset, getAssetsByOwner, getAssetWithProof) and fetch metadata/URIs from public Arweave URLs (https://arweave.net/...), which ingests untrusted, user-controlled web content that the agent reads and uses to drive actions such as transfers, mints, and other transactions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes — this skill explicitly exposes blockchain transaction and payment functions. The Metaplex guide includes concrete APIs and code to create/sign/send transactions that move value: minting with solPayment and tokenPayment guards, deposit/claim in Genesis (deposit SOL), mpl-hybrid swapNftToToken/swapTokenToNft, createEscrow, mintV1 (which charges SOL or tokens), transfer/burn, and usage of signers/wallet adapters (createSigner, keypairIdentity, createSignerFromKeypair) with .sendAndConfirm(umi) calls. These are specific crypto/blockchain operations (wallets, swaps, signing, sending payments) — i.e., direct financial execution capability.