solana-payments-wallets-trading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly provides a sol fetch command that fetches arbitrary URLs and returns response bodies for programmatic use (see "Pay for APIs with x402" in SKILL.md and the detailed references/fetch-commands.md), meaning the agent will read untrusted third‑party web content which can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The setup recommends running "npx @solana-compass/cli@latest" (and/or installing via "npm install -g @solana-compass/cli"), which fetches and immediately executes remote code from the npm registry at runtime, satisfying the conditions for a risky external code execution dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly designed to move money and execute financial operations on Solana. It includes concrete commands to send tokens (sol token send), swap/trade tokens (sol token swap, DCA, limit orders), place market/limit orders, stake/unstake SOL, lend/borrow and deposit/withdraw in yield vaults, provide liquidity and claim/withdraw LP positions, trade prediction markets (buy/sell/claim), and pay for resources via x402 (automatically signing USDC transfers). It also describes wallet management (local key files used for signing) and permissioned controls that gate these exact transactional commands. These are specific, direct financial execution capabilities (signing and submitting on-chain transfers and trades), not generic tooling.