solana-token-launcher


Audited by Snyk on Feb 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill ingests and acts on public, user-generated token metadata and market data (for example token metadata and imageUrl from GET /api/tokens or from launch responses that reference pump.fun, and DEX quotes and bundles from /api/arbitrage and /api/swap). The agent is expected to read this content, and it directly drives transaction building and decision making, which is a clear avenue for indirect prompt injection: any text in those fields has to be treated as untrusted data, never as instructions, and no decision to sign or send should rest on it.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a Solana DeFi toolkit with built-in crypto financial operations. It includes endpoints to launch and mint tokens (POST /api/launch), to swap tokens through a Jupiter aggregator (POST /api/swap returns a serialized transaction ready to sign and submit), and arbitrage endpoints that return ready-to-sign transaction bundles for cross-DEX trades. It also documents a self-funded launch flow that requires sending SOL to a platform wallet and supplying the transfer signature; earnings are paid in SOL to registered wallet addresses, and an API that authenticates with an ed25519 signature updates the receiving wallet. These are specific, explicit crypto and blockchain capabilities (wallets, swaps, signing, on-chain transactions, transfers), not generic tooling, so the skill grants Direct Financial Execution authority. In practice this means every transaction or bundle the API hands back should be decoded and checked against a fixed policy before the agent's key signs it, and the key that authorises wallet updates decides where payouts go.
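A worked example of the check a practitioner would want behind both findings, added here and not part of the Snyk analysis or of the skill itself: a deterministic gate that decodes a "ready-to-sign" serialized Solana transaction and approves or refuses signing from a fixed policy, so nothing the agent reads in token metadata, quotes or bundles can on its own produce a signature. It handles the legacy transaction format only; a versioned (v0) message, which the swap and bundle endpoints may return, is rejected rather than misparsed. The wallet key, the DEX program key, the counterparty and the lamport cap are constructed placeholders, and the two sample transactions are built inline.

```python
# Pre-signing policy gate for a serialized Solana legacy transaction.
# Added example for this audit entry; not code from the skill or from Snyk.
# WALLET, DEX_PROGRAM, COUNTERPARTY and MAX_LAMPORTS_OUT are constructed placeholders.
import struct

SYSTEM_PROGRAM = bytes(32)      # base58 "11111111111111111111111111111111"
SYSTEM_TRANSFER = 2             # SystemInstruction::Transfer discriminator (u32 LE)

WALLET = bytes([1] * 32)        # constructed: the agent's own signing key
DEX_PROGRAM = bytes([2] * 32)   # constructed: hypothetical allowlisted aggregator program
COUNTERPARTY = bytes([3] * 32)  # constructed: attacker-chosen destination
ALLOWED_PROGRAMS = {DEX_PROGRAM, SYSTEM_PROGRAM}
MAX_LAMPORTS_OUT = 10_000_000   # 0.01 SOL cap on plain SOL transfers out of WALLET

def read_compact_u16(buf, pos):
    """Decode Solana's compact-u16 ("shortvec") length prefix -> (value, new_pos)."""
    value, shift = 0, 0
    while True:
        b, pos = buf[pos], pos + 1
        value |= (b & 0x7F) << shift
        if b < 0x80:
            return value, pos
        shift += 7
        if shift > 14:
            raise ValueError("compact-u16 prefix too long")

def write_compact_u16(n):
    out = bytearray()
    while True:
        b, n = n & 0x7F, n >> 7
        out.append(b | 0x80 if n else b)
        if not n:
            return bytes(out)

def build_transaction(keys, instructions, header):
    """Wire-format legacy tx with one empty signature slot, i.e. 'ready to sign'."""
    msg = bytes(header) + write_compact_u16(len(keys)) + b"".join(keys) + bytes(32)
    msg += write_compact_u16(len(instructions))
    for prog_idx, accounts, data in instructions:
        msg += bytes([prog_idx]) + write_compact_u16(len(accounts)) + bytes(accounts)
        msg += write_compact_u16(len(data)) + data
    return write_compact_u16(1) + bytes(64) + msg

def parse_transaction(raw):
    """Decode a legacy transaction; raises on truncation, bad indices or a v0 message."""
    nsig, pos = read_compact_u16(raw, 0)
    pos += 64 * nsig                                   # skip signature slots
    if raw[pos] & 0x80:                                # versioned-message prefix, not legacy
        raise ValueError("versioned message; needs a v0 parser with lookup tables")
    required_sigs, pos = raw[pos], pos + 3             # 3-byte message header
    nkeys, pos = read_compact_u16(raw, pos)
    keys = [raw[pos + 32 * i:pos + 32 * (i + 1)] for i in range(nkeys)]
    pos += 32 * nkeys + 32                             # account keys, then recent blockhash
    if any(len(k) != 32 for k in keys) or len(raw) < pos:
        raise ValueError("truncated account keys or blockhash")
    ninstr, pos = read_compact_u16(raw, pos)
    instructions = []
    for _ in range(ninstr):
        prog_idx = raw[pos]
        nacc, pos = read_compact_u16(raw, pos + 1)
        accounts, pos = list(raw[pos:pos + nacc]), pos + nacc
        ndata, pos = read_compact_u16(raw, pos)
        data, pos = raw[pos:pos + ndata], pos + ndata
        if len(accounts) != nacc or len(data) != ndata:
            raise ValueError("truncated instruction")
        if prog_idx >= nkeys or any(i >= nkeys for i in accounts):
            raise ValueError("account index out of range")
        instructions.append((keys[prog_idx], accounts, data))
    if pos != len(raw):
        raise ValueError("trailing bytes after message")
    return {"required_sigs": required_sigs, "keys": keys, "instructions": instructions}

def check_policy(tx, wallet=WALLET, allowed=ALLOWED_PROGRAMS, max_out=MAX_LAMPORTS_OUT):
    """Deny by default: returns violations; the agent signs only when the list is empty."""
    violations = []
    if tx["required_sigs"] != 1 or tx["keys"][:1] != [wallet]:
        violations.append("signer set is not exactly our wallet as fee payer")
    for n, (program, accounts, data) in enumerate(tx["instructions"]):
        if program not in allowed:
            violations.append(f"ix {n}: program {program.hex()[:8]}.. not allowlisted")
        elif program == SYSTEM_PROGRAM:
            # Only a plain Transfer is understood; CreateAccount etc. also move lamports.
            if len(data) != 12 or struct.unpack_from("<I", data)[0] != SYSTEM_TRANSFER:
                violations.append(f"ix {n}: unrecognised System instruction")
            elif len(accounts) < 2:
                violations.append(f"ix {n}: malformed Transfer accounts")
            else:
                lamports = struct.unpack_from("<Q", data, 4)[0]
                if tx["keys"][accounts[0]] == wallet and lamports > max_out:
                    violations.append(f"ix {n}: {lamports} lamports out of wallet exceeds cap {max_out}")
    return violations

def swap_only_tx():
    """Constructed stand-in for an honest swap response: one aggregator instruction."""
    return build_transaction([WALLET, DEX_PROGRAM], [(1, [0], b"\x01swap")], header=(1, 0, 1))

def swap_plus_drain_tx():
    """Same swap with a 5 SOL System transfer out of WALLET appended by a hostile API."""
    drain = struct.pack("<IQ", SYSTEM_TRANSFER, 5_000_000_000)
    return build_transaction([WALLET, COUNTERPARTY, DEX_PROGRAM, SYSTEM_PROGRAM],
                             [(2, [0], b"\x01swap"), (3, [0, 1], drain)], header=(1, 0, 2))

def may_sign(raw):
    """The gate the agent calls; returns (ok, violations). The key is used only when ok."""
    violations = check_policy(parse_transaction(raw))
    return not violations, violations
```

In use, the agent base64-decodes the transaction the API returns and calls may_sign on the bytes; the policy, not the model, decides. The allowlist and cap are deliberately small here; a real deployment would carry the actual aggregator and token program keys and extend the System-instruction handling, and would need a second parser for v0 messages, which resolve some account keys through on-chain address lookup tables and therefore cannot be policy-checked from the serialized bytes alone.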

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 06:57 PM