pocketagent-wallet

Warn

Audited by Snyk on Feb 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md) shows the agent fetching and acting on public, untrusted blockchain and market data, e.g. using Helius RPC and Jupiter DEX for transaction/state data, CoinGecko for live prices, and reading transaction history and token metadata (including arbitrary meme token mints). The agent reads this data and uses it to make trading decisions (swaps/sniping), so attacker-controlled content in those sources could indirectly influence the agent's instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet and trading tool for Solana: it creates/manages wallets, automatically signs transactions without human approval, sends SOL/payments, performs token swaps via Jupiter DEX, and supports autonomous trading (sniping, market orders, portfolio rebalances) on mainnet. These are direct crypto transaction and trading capabilities (moving value), not generic tooling.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 01:52 PM