solana-swaps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly fetches and parses quotes and swap transaction data from the external Jupiter API (https://api.jup.ag/swap/...), and the agent is instructed to read that JSON response and use it to build and execute on-chain swap transactions, so untrusted third‑party content can directly influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform crypto financial operations on Solana: it manages a wallet keypair, checks balances, requests swap quotes from the Jupiter API, builds a swap transaction, signs it with the wallet keypair, and submits the transaction. It lists environment variables for the private key path and Jupiter API key and provides concrete curl/CLI/node commands to execute swaps. This matches "Crypto/Blockchain (Wallets, Swaps, Signing)" in the Core Rule, so it grants direct financial execution authority.