solana-tx-building
Warn
Audited by Snyk on Mar 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill fetches and consumes public, user-controlled data (e.g., Jupiter's public /swap-instructions API called in SKILL.md and references/common_instructions.md, plus on-chain transactions via getTransaction and simulateTransaction shown in scripts/decode_transaction.py and SKILL.md), and those third-party instructions/logs are parsed and incorporated into transaction-building and execution workflows — meaning untrusted content can directly influence tool behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly focused on constructing and orchestrating Solana blockchain transactions and includes concrete, finance-moving operations: examples and instruction encodings for SOL transfers and SPL token transfers, creation of ATAs, a Jupiter swap flow (quote -> swap-instructions -> build tx), compute-budget/priority-fee handling, RPC calls for simulateTransaction and getTransaction, and a send_with_retry flow that calls send_transaction. Although the Safety notes say "Never sign or submit real transactions," the skill's primary and explicit purpose is building and preparing on-chain value transfers and swaps (crypto/blockchain financial operations). This meets the criteria for Direct Financial Execution capability.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).