raydium

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill programmatically fetches and consumes open, public third-party data — e.g., token lists and pool/launch data from the Raydium Data API (https://api-v3.raydium.io endpoints like /mint/list, /pools/info/ids, launchLab endpoints) and external metadata URIs (Arweave/IPFS) — and the agent is expected to read and act on that data as part of its workflows, so it is exposed to untrusted, user-generated content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated Raydium Protocol integration guide and SDK reference for Solana DeFi. It explicitly exposes operations that move funds and control crypto assets: token swaps, add-liquidity (deposits), pool creation, LaunchLab token launches, farming/staking, and a Trade API that returns serialized transactions. Example code shows Keypair.fromSecretKey usage and execute({ sendAndConfirm: true }) calls to sign and submit transactions. These are explicit crypto wallet/transaction capabilities (wallet signing + sending on-chain transactions), i.e., direct financial execution.