solana-compression

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes code examples that embed API keys directly (e.g., RPC URLs with ?api-key=YOUR_KEY and new Helius('YOUR_API_KEY')), which instructs placing secrets verbatim into requests/code and therefore requires the LLM to handle secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references/client-integration.md explicitly instruct the client/agent to fetch compressed account data and validity proofs from public Helius/Photon RPC endpoints (e.g., createRpc('https://mainnet.helius-rpc.com?...'), helius.zk.getCompressedAccount, getValidityProof), which are untrusted, user-generated/indexer data the agent must read and that directly influence transaction-building and subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for Solana ZK-compressed tokens and includes concrete APIs/functions to create mints, mint tokens, and transfer tokens (e.g., createMint, mintTo, transfer), plus RPC calls that query and operate on token accounts and balances (Helius RPC, Photon, prover). Those are specific crypto/blockchain financial operations that can move value and manage tokens, not generic tooling. Therefore it grants direct financial execution capability.