solana-dev
Warn
Audited by Snyk on Apr 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs the agent to add and use the Solana MCP server (see "claude mcp add --transport http solana-mcp-server https://mcp.solana.com/mcp" and "Run this command via the Bash tool at the start of the conversation" in SKILL.md), which fetches live, public third‑party documentation that the agent is expected to read and use to drive recommendations and actions, creating a clear vector for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to run a Bash-tool runtime install of the Solana MCP server which fetches and registers external content used live by the agent (so it can control prompts/context): https://mcp.solana.com/mcp
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly focused on Solana blockchain operations (dApp development, token creation, wallet connection, signing flows, transaction building/sending/confirmation, RPC clients). It names specific SDKs and APIs for transaction sending (e.g., @solana/kit createClient, RPC + transaction sending, simulateTransaction), and includes workflows for wallet signing and token/transfer functionality (Token-2022, create token, confidential transfers). Those are concrete crypto/blockchain capabilities (wallets, signing, sending transactions) that enable moving value on-chain, so this is direct financial execution capability.
Issues (3)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).