jito-bundles

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's live workflows and scripts explicitly fetch and parse data from public Jito block-engine endpoints (e.g., getTipAccounts via mainnet.block-engine.jito.wtf in fetch_tip_accounts / fetch_tip_accounts_live and getBundleStatuses in check_bundle_status.py and SKILL.md), and those untrusted third‑party responses are used to choose tip accounts, tip sizing, and retry/submit decisions—so external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to construct and submit Solana transaction bundles that include SOL transfers as tips, sign transactions, and call block-engine JSON-RPC endpoints (e.g., /api/v1/bundles with the sendBundle method). It includes concrete code for creating signed transactions, transferring lamports to tip accounts, and submitting those transactions to remote endpoints — i.e., it performs on-chain transfers and transaction submission (crypto/blockchain financial operations). This matches the "Crypto/Blockchain (Wallets, Swaps, Signing)" category, so it provides direct financial execution capability.