sol-incinerator

Warn

Audited by Snyk on Apr 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and example code explicitly call and parse responses from the public API at https://v2.api.sol-incinerator.com (e.g., /burn/preview, /burn, /transactions/send) and require the agent to read those responses to decide whether to build, sign, and relay destructive transactions, so untrusted third-party responses could materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Solana blockchain integration for burning tokens/NFTs and closing token accounts, with endpoints to build, sign, and broadcast transactions (e.g., /burn, /close, /transactions/send, /transactions/send-batch). It also supports API key generation and partner fee fields. These are specific crypto/blockchain transaction capabilities designed to move/destroy on-chain assets and reclaim lamports, so it grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 19, 2026, 05:06 PM
  • Issues: 2