solana-game

Warn

Audited by Snyk on Feb 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill clearly fetches and ingests untrusted public content as part of its runtime workflows (e.g., unity-sdk.md's NFTManager.LoadNFTTexture uses UnityWebRequestTexture.GetTexture(uri) and Nft.TryGetNftData, and multiple files call Web3.Rpc.GetAccountInfoAsync / load metadata from Metaplex or external URIs), so third‑party NFT/URI content the agent reads can materially change in-app behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly targets Solana blockchain operations: wallet integration (Phantom, Solflare, InGame, Web3Auth, Mobile Wallet Adapter), transaction building and signing (C# TransactionBuilder), token economics/in-game currencies, token transfers, in-game purchases/payments, DeFi integration, and references a payments.md for commerce and rollups. These are specific crypto/financial capabilities (wallets and signing transactions) intended to move value, not generic tooling, so it grants direct financial execution authority.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 05:21 PM