solana-ecosystem

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime scripts fetch and ingest public third‑party data (e.g., scripts/jupiter_quote.py calling https://api.jup.ag and scripts/solana_nft.py calling https://api-mainnet.magiceden.dev/v2) and the skill explicitly parses that untrusted marketplace/aggregator JSON to produce quotes, route decisions, market recommendations, and warnings that could materially influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly and specifically about Solana crypto operations and DeFi. It exposes named, domain-specific capabilities such as solana_balance (wallet balances), jupiter_quote (swap quotes from the Jupiter aggregator), and references to staking (Marinade), limit orders/DCA/perpetuals, SPL token management, and Solana RPC/SDK usage. These are concrete crypto/Blockchain financial functions (wallet balances, swaps, staking, token management) rather than generic tooling. Therefore it meets the criterion for Direct Financial Execution capability.