scaffold-project
Warn
Audited by Snyk on Apr 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs the agent to verify protocol health using DefiLlama (Workflow steps 2–3) and references public sites/GitHub templates, meaning it fetches and interprets open third-party content that can materially influence stack and tooling decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs commands that fetch and execute remote packages/repos during runtime (e.g., npx create-solana-dapp which maps to https://github.com/solana-foundation/create-solana-dapp), so external code is downloaded and executed as part of the scaffold workflow.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly targets Solana projects and names crypto-specific protocols and wallet SDKs (Jupiter for swaps, Kamino for lending, Orca for liquidity; Privy, Unified Wallet Adapter, Phantom). It also includes actionable crypto commands (e.g., "solana airdrop 5") and RPC configuration for transaction signing. These are specific blockchain/crypto integrations (wallets, swaps, signing, funding) that enable direct financial operations, so it meets the "Direct Financial Execution" criteria.
Issues (3)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata