solana-dev
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's backend workflows explicitly fetch and process public, user-controlled blockchain and web API data (e.g., backend-async.md shows RpcClient calls and index_transactions that call get_signatures_for_address..., and ecosystem.md shows fetching Helius APIs), so the agent is expected to ingest untrusted, third‑party user-generated content (on‑chain data / public RPC responses) that can materially influence subsequent processing and actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a Solana dApp development playbook: it covers wallet connection and signing flows, transaction building/sending/confirmation UX, fee payer/recent blockhash, signers, token transfers, and references payment flows (payments.md / Commerce Kit, Kora). These are specific crypto/blockchain capabilities that enable constructing, signing, and sending on-chain transactions — i.e., direct financial execution on the Solana network.