switchboard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill clearly ingests and acts on open/public third-party content — e.g., SKILL.md's "Creating Custom Feeds" (ondemand.switchboard.xyz) and examples like examples/pull-feed.ts and examples/feeds/oracle-quote.ts which instantiate CrossbarClient (https://crossbar.switchboard.xyz), fetch oracle responses/httpTask URLs, and subscribe to Surge (wss://surge.switchboard.xyz); those external, potentially user-configured data sources are read and directly used to build transactions and drive program logic, so untrusted content can materially influence tool use and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is a Solana-focused SDK for on-chain oracle integration and explicitly includes blockchain transaction construction, signing (wallet/Keypair), and sending (connection.sendTransaction / asV0Tx). It provides program IDs, examples that build and submit transactions, and APIs to create/update feeds and randomness accounts on mainnet. Because it includes explicit crypto/blockchain operations (wallet signing and sending transactions) and is intended for DeFi price feeds (financial on-chain use), it constitutes direct crypto execution capability.