helius-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly ingests public, user-generated content from Helius endpoints (e.g., DAS getAsset/getAssetsByOwner returning content.json_uri, metadata.description, links.external_url in references/das_api.md and the Enhanced Transactions / webhooks APIs returning parsed "description" and event payloads referenced in references/enhanced_transactions.md and references/webhooks.md) which the provided runtime scripts (scripts/wallet_analysis.py and scripts/token_lookup.py) read and analyze as part of their workflow, so untrusted third‑party data can materially influence analysis, branching, and subsequent actions.