build-with-claude
Fail
Audited by Snyk on Apr 14, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 0.80). The prompt includes hidden/deceptive telemetry behavior: the preamble defaults to "anonymous" and immediately logs/sends telemetry (including a conditional POST to an external URL) before the skill asks for or obtains user consent, which is an out-of-scope, sneaked-in instruction to transmit usage data.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly directs the agent to consult live public MCPs and web APIs (see references/skill-mcp-usage-guide.md and references/solana-dev-patterns.md—e.g., helius-mcp, solscan-mcp, and REST API calls like Jupiter/Helius) and to "verify protocol health using live data", which means the agent will ingest untrusted, public third‑party content (blockchain analytics, API responses, explorer pages) that can materially affect recommendations and next actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly targets Solana blockchain development and includes concrete wallet/transaction commands and workflows: it recommends creating a file keypair with `solana-keygen new --outfile test-wallet.json`, running `anchor deploy --provider.cluster devnet`, choosing RPCs/wallets (references an RPC/wallet guide), and mentions using Surfpool for real mainnet account state. These are specific crypto/blockchain wallet and signing/deployment operations (i.e., capabilities that can sign/send on-chain transactions), so it qualifies as direct financial execution authority under the "Crypto/Blockchain (Wallets, Swaps, Signing)" rule.
Issues (3)
- CRITICAL E004: Prompt injection detected in skill instructions.
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata