meteora

Warn

Audited by Snyk on Apr 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md clearly instructs runtime fetching of public third-party data, e.g., Solana RPC endpoints in the Quick Start/connection examples (https://api.mainnet-beta.solana.com), Jupiter API usage in the Zap SDK (JUPITER_API_URL/JUPITER_API_KEY), and external metadata URIs (e.g., arweave URIs used in createPool). The agent is expected to read those on-chain/API responses (fetchPoolState, getBuyQuote, getJupiterQuote, getVaultState, monitorVault, migration checks, etc.) to make decisions such as swaps, migrations, and rebalances, so untrusted third-party content can materially influence its behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a DeFi SDK suite for Solana with explicit on-chain financial operations. It exposes functions and CLI commands that create pools, execute swaps, buy/sell on bonding curves, deposit/withdraw funds, stake/unstake, claim rewards/fees, fund rewards, migrate/liquify pools, and send signed transactions (e.g., dlmm.swap, cpAmm.swap, dbc.buy/sell, vault.deposit/withdraw, m3m3.stake/claim, zap.zapIn/zapOut, meteora-invent create/seed-liquidity commands). These are direct crypto/blockchain financial actions that move value and require wallet signing — i.e., direct financial execution capability.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 19, 2026, 05:06 PM
Issues: 2