raydium

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and consumes public third‑party data (e.g., calls to https://api-v3.raydium.io via raydium.api.fetchPoolById, token lists/tokenMap, and external metadata URIs like Arweave used in SKILL.md and the docs/examples), which are untrusted/user-provided and are read by the agent to make transaction/flow decisions (prices, pool selection, initial mint metadata, bonding-curve state), so third‑party content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a dedicated Raydium Protocol integration guide and SDK reference for Solana DeFi. It explicitly exposes operations that move funds and control crypto assets: token swaps, add-liquidity (deposits), pool creation, LaunchLab token launches, farming/staking, and a Trade API that returns serialized transactions. Example code shows Keypair.fromSecretKey usage and execute({ sendAndConfirm: true }) calls to sign and submit transactions. These are explicit crypto wallet/transaction capabilities (wallet signing + sending on-chain transactions), i.e., direct financial execution.