quicknode

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted, user-generated blockchain and metadata content from public third-party endpoints (e.g., Quicknode RPC/DAS API via fetch calls in SKILL.md and examples, Yellowstone gRPC streams in resources/yellowstone-grpc-reference.md, Streams/webhooks in resources/streams-reference.md and resources/webhooks-reference.md, and IPFS URLs) and the documentation shows the agent is expected to parse and act on that content (filter functions, qnLib dynamic watchlists, stream/webhook-driven processing), so third-party content can materially influence tool behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly exposes crypto financial execution features. It documents Metis/Jupiter Swap integration with methods to get swap quotes and POST a swap transaction (createJupiterApiClient, quoteGet, swapPost), i.e., building and executing token swaps. It also documents x402 pay-per-request RPC, which demonstrates using a private key/wallet client (privateKeyToAccount, createWalletClient, wrapFetch) to sign and pay USDC micropayments automatically. These are specific wallet/swap/signing/payment capabilities (not generic HTTP or browse actions), so they qualify as direct financial execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 05:24 PM