orca

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime examples and APIs call public RPC endpoints and fetch on-chain, user-generated pool and position data (e.g., setRpc("https://api.mainnet-beta.solana.com") and functions like fetchConcentratedLiquidityPool, fetchWhirlpoolsByTokenPair, and fetchPositionsForOwner), so the agent ingests untrusted third-party content from the open Solana network.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Solana/Eclipse DEX SDK guide that provides direct crypto transaction capabilities. It includes functions to load wallets (setPayerFromBytes, Keypair.fromSecretKey), build and send transactions (swap that "builds and sends", whirlpool.swap().buildAndExecute(), sendTx callback), and full lifecycle actions for assets: token swaps, opening/increasing/decreasing/closing liquidity positions, fee harvesting, and pool creation. It also exposes RPC, program IDs, and transaction/funding configuration. These are concrete crypto/Blockchain operations (wallet handling, signing, and sending transactions) — i.e., direct financial execution.