solana-compression

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references/client-integration.md explicitly instruct the client/agent to fetch compressed account data and validity proofs from public Helius/Photon RPC endpoints (e.g., createRpc('https://mainnet.helius-rpc.com?...'), helius.zk.getCompressedAccount, getValidityProof), which are untrusted, user-generated/indexer data the agent must read and that directly influence transaction-building and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for Solana ZK-compressed tokens and includes concrete APIs/functions to create mints, mint tokens, and transfer tokens (e.g., createMint, mintTo, transfer), plus RPC calls that query and operate on token accounts and balances (Helius RPC, Photon, prover). Those are specific crypto/blockchain financial operations that can move value and manage tokens, not generic tooling. Therefore it grants direct financial execution capability.