phantom-connect
Warn
Audited by Snyk on Mar 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's documentation and reference workflows (e.g., the PriceDisplay component in references/payments.md, which fetches live prices from https://api.coingecko.com, and references/nft-minting.md, which relies on public metadata URIs such as https://arweave.net/metadata.json and on public RPC endpoints) show the agent or app fetching and acting on open third-party content. Because that content feeds directly into payment amounts, transaction construction and UX flows, a manipulated price feed or a metadata file carrying instructions can steer what the agent builds and signs.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a wallet SDK for Solana that includes wallet connection, transaction signing and sending (e.g., the doc mandates using signAndSendTransaction), crypto payments, and NFT minting. It references transaction/payment flows and enforces spending limits and signing behavior. These are specific, built-in capabilities to create and send blockchain transactions and handle crypto payments, which constitute direct financial execution.
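The two findings above combine into one hazard: an untrusted price or metadata fetch sets the amount that a built-in signAndSendTransaction call then executes. The following is an added example of the guard a practitioner would put between the fetch and the wallet; it is not code from the phantom-connect skill, from Phantom, or from Snyk's audit. Only the method name signAndSendTransaction comes from the report; the wallet object, the quote payloads, the policy limits and the CoinGecko/Arweave host allowlists are constructed assumptions, and the demo runs offline with no network access.

```javascript
// Added example, not code from the phantom-connect skill, Phantom, or Snyk's audit.
// It guards a crypto payment whose amount is derived from a third-party price
// feed (W011) before the transaction reaches a wallet's signAndSendTransaction
// (W009). The wallet object, price quotes and policy values are constructed
// stand-ins; only the method name signAndSendTransaction comes from the report.

const LAMPORTS_PER_SOL = 1_000_000_000n;

// Assumed policy values for illustration.
const POLICY = {
  allowedPriceHosts: new Set(["api.coingecko.com"]),
  allowedMetadataHosts: new Set(["arweave.net"]),
  maxQuoteAgeMs: 60_000,
  maxDeviation: 0.10,                              // reject quotes >10% off a trusted reference
  perTxLimitLamports: 2n * LAMPORTS_PER_SOL,
  sessionLimitLamports: 5n * LAMPORTS_PER_SOL,
};

function hostOf(url) {
  let u;
  try { u = new URL(url); } catch { throw new Error(`malformed URL: ${url}`); }
  if (u.protocol !== "https:") throw new Error(`non-https URL: ${url}`);
  return u.hostname;
}

// A fetched price is untrusted input: check origin, shape, sign, freshness and
// plausibility against an independent reference before it sets an amount.
function validateQuote(quote, referenceUsdPerSol, nowMs) {
  const host = hostOf(quote.sourceUrl);
  if (!POLICY.allowedPriceHosts.has(host)) throw new Error(`untrusted price source: ${host}`);
  const p = quote.usdPerSol;
  if (typeof p !== "number" || !Number.isFinite(p) || p <= 0) throw new Error("invalid price");
  if (typeof quote.fetchedAtMs !== "number" || nowMs - quote.fetchedAtMs > POLICY.maxQuoteAgeMs) throw new Error("stale quote");
  const dev = Math.abs(p - referenceUsdPerSol) / referenceUsdPerSol;
  if (dev > POLICY.maxDeviation) throw new Error(`quote deviates ${(dev * 100).toFixed(1)}% from reference`);
  return p;
}

// NFT metadata fetched from a public URI is data, never instructions: only the
// origin is checked here, and callers must not let its text steer a workflow.
function assertSafeMetadataUri(uri) {
  const host = hostOf(uri);
  if (!POLICY.allowedMetadataHosts.has(host)) throw new Error(`untrusted metadata host: ${host}`);
  return host;
}

// USD -> lamports in integer arithmetic so rounding cannot hide in a float.
function usdToLamports(usd, usdPerSol) {
  const microUsd = BigInt(Math.round(usd * 1e6));
  const microUsdPerSol = BigInt(Math.round(usdPerSol * 1e6));
  return (microUsd * LAMPORTS_PER_SOL) / microUsdPerSol;
}

// Per-transaction and cumulative session limits, enforced before signing.
class SpendGuard {
  constructor() { this.spentLamports = 0n; }
  check(lamports) {
    if (lamports <= 0n) throw new Error("non-positive amount");
    if (lamports > POLICY.perTxLimitLamports) throw new Error("exceeds per-transaction limit");
    if (this.spentLamports + lamports > POLICY.sessionLimitLamports) throw new Error("exceeds session limit");
  }
  record(lamports) { this.spentLamports += lamports; }
}

// Pay `usd` worth of SOL to `recipient`. `wallet` is any object exposing
// signAndSendTransaction(tx); `confirm` is a user-facing prompt that must
// approve the exact lamport amount (an agent must not answer it itself).
async function pay({ usd, recipient, quote, referenceUsdPerSol, wallet, guard, confirm, nowMs = Date.now() }) {
  const usdPerSol = validateQuote(quote, referenceUsdPerSol, nowMs);
  const lamports = usdToLamports(usd, usdPerSol);
  guard.check(lamports);                                   // limits first, then the human
  if (!(await confirm({ recipient, lamports, usdPerSol }))) throw new Error("user declined");
  // Constructed transaction shape; a real flow would build a SystemProgram transfer.
  const tx = { instructions: [{ program: "system", transfer: { to: recipient, lamports } }] };
  const signature = await wallet.signAndSendTransaction(tx);
  guard.record(lamports);                                  // count it only once it was sent
  return { signature, lamports };
}

// Constructed stand-ins for a demo run (no network access).
const mockWallet = {
  async signAndSendTransaction(tx) { return "sig-" + tx.instructions[0].transfer.lamports.toString(); },
};
const goodQuote = {
  sourceUrl: "https://api.coingecko.com/api/v3/simple/price?ids=solana&vs_currencies=usd",
  usdPerSol: 100, fetchedAtMs: 1_000_000,
};
// Same shape, but a feed claiming SOL is worth $1 would turn a $20 payment into 20 SOL.
const manipulatedQuote = { ...goodQuote, usdPerSol: 1 };

function demo() {
  return pay({ usd: 20, recipient: "recipient-address-placeholder", quote: goodQuote, referenceUsdPerSol: 100,
               wallet: mockWallet, guard: new SpendGuard(), confirm: async () => true, nowMs: 1_030_000 });
}
```

The reference price that validateQuote compares against has to come from somewhere the fetched feed cannot influence (a second independent source, a cached value the user set, or a recent on-chain oracle read); without it the deviation check only compares the feed to itself. The confirmation step is the control that actually addresses W009: the spend limits bound the damage of a bad amount, but the human approving the exact lamport figure is what prevents fetched content from completing a transaction on its own.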
Issues (2)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata