solana-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs use of external RPC endpoints and tools that fetch and interpret live, public on-chain and web content — e.g., references/confidential-transfers.md shows client.get_account()/RPC reads and act on account data, and surfpool.md/ surfpool-cheatcodes.md describe lazy fetching from remote RPCs and an "MCP server" exposing surfnet operations as tool calls for AI agents — so the agent would consume untrusted, public third‑party content that can change its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly about Solana blockchain development and includes concrete, finance-moving capabilities: "Wallet connection + signing flows", "Transaction building / sending / confirmation UX", explicit mention of "fee payer + recent blockhash", "signers", and "token transfers" (including "Confidential transfers (Token-2022 ZK extension)"). It also references concrete crypto SDKs/types (e.g., Signer, transaction message APIs, @solana/kit, @solana/web3-compat) and a "Payments" reference. These are specific, crypto-native tools and flows designed to build and send on-chain transactions (i.e., move value), not generic tooling, so it grants Direct Financial Execution authority.