@554/jupiter
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's exports.py and SKILL.md clearly call public Jupiter and Solana RPC endpoints (e.g., https://lite-api.jup.ag via /ultra/v1/order, /trigger/v1/* and https://api.mainnet-beta.solana.com) to fetch quotes, transactions, and order data which the agent reads and then uses to decide/prepare actions (signing and broadcasting), so untrusted third‑party responses can materially influence tool use.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a Solana DEX aggregator with dedicated functions to perform on-chain token swaps and manage limit orders. It exposes specific crypto-financial APIs: jupiter_swap (quote + transaction when wallet provided), jupiter_execute_swap (broadcast swap), jupiter_broadcast_tx (broadcast signed transactions for limit orders/cancels), jupiter_limit_create, and jupiter_limit_cancel. The workflows require wallet pubkeys, signing (wallet_sol_sign_transaction), and broadcasting signed transactions to move tokens and update orders. These are clear, purpose-built mechanisms to execute financial transactions on-chain (crypto/blockchain), so it grants direct financial execution capability.
Issues (2)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).