solana-agent-kit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes public, user-generated third‑party content — for example it queries RPC providers/Helius and CoinGecko, reads on‑chain account and NFT metadata (arweave/HTTP URIs) in portfolioAnalysis/getTokenInfo/getAccountInfo flows, and supports executing arbitrary blink URLs via executeBlink — which the agent ingests and acts on as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built to perform Solana blockchain financial operations. It exposes concrete actions/APIs for sending transactions and managing assets (e.g., deployToken, transfer, trade/swap, limitOrder, perpetualTrade, bridge, stake, sendCompressedAirdrop), includes wallet/private-key configuration and embedded wallet integrations (KeypairWallet, TurnkeyWallet, PrivyWallet), and provides autonomous execution (agent.execute, MCP tools like TRANSFER and TRADE). These are specific, purpose-built capabilities to move crypto funds, so it grants direct financial execution authority.