jupiter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill makes live requests to the public Jupiter API (https://lite-api.jup.ag) — see SKILL.md and exports.py/_get/_post (and scripts/jupiter_ops.py) — and directly reads returned quote/order/transaction fields (including transaction base64, requestId, and next_step) that the agent is expected to act on (sign/execute), so third-party responses can materially influence subsequent tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Solana DEX aggregator designed to perform on-chain crypto financial operations: it provides endpoints for creating and executing swaps (GET /ultra/v1/order and POST /ultra/v1/execute), creating/canceling limit orders (POST /trigger/v1/createOrder, cancelOrder), and instructs signing and broadcasting transactions (wallet_sol_sign_transaction, broadcast signed tx) and verifying balances. These are specific crypto wallet, swap, and order APIs intended to move funds on-chain, not generic tooling. Therefore it grants direct financial execution capability.