phantom-connect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime examples explicitly fetch and ingest public third-party content — e.g., PriceDisplay calls https://api.coingecko.com for live rates, NFT metadata and images reference https://arweave.net, and browser-sdk wallet discovery can surface external wallet icons/metadata — meaning untrusted/user-generated web content would be read and rendered by the app.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a Phantom Connect SDK for Solana wallet integration and repeatedly references crypto-specific capabilities: wallet connections, signing messages and transactions, NFT minting, and "crypto payment flows" plus transaction patterns and Solana network support. These are concrete blockchain/wallet APIs that enable creating and signing on‑chain transactions (i.e., moving crypto). This is a specific financial execution capability (crypto/wallet signing), not a generic tool, so it should be flagged.