mev-analysis

Warn

Audited by Snyk on Mar 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's runtime scripts (scripts/mev_risk_estimator.py and scripts/sandwich_detector.py) explicitly fetch and parse live data from public third-party endpoints (DexScreener, CoinGecko, public Solana RPC, and optional Helius/Jito block engine URLs). That untrusted, user-generated on-chain and market data is then used to produce risk assessments and protection actions (recommendations, bundle submissions, trade-splitting plans), so external content can materially influence agent decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill contains explicit crypto/blockchain transaction execution capabilities. It provides concrete APIs and functions to submit signed transactions and pay on-chain tips (e.g., submit_jito_bundle posting signed_transactions to the Jito block engine with tip_lamports), and it references Jupiter swap execution parameters (prioritizationFeeLamports, dynamic slippage) and private RPC/TPU submission methods. These are specific mechanisms for sending transactions and moving crypto value, not generic tooling.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 21, 2026, 02:35 PM
Issues: 2