eliza


Audited by Snyk on May 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly connects to public platforms (Platform Connectors: Discord, Telegram, Twitter, Farcaster) and documents that the agent ingests conversation content into memory/evaluators and uses providers/actions (e.g., evaluators, RAG/memory, plugin-solana actions like SEND_TOKEN/SWAP_TOKEN), so untrusted user-generated posts/mentions can be read and materially influence agent decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill includes explicit onchain financial execution capabilities. It documents a native Solana integration via @elizaos/plugin-solana with wallet management and token operations, lists the environment variables SOLANA_PRIVATE_KEY and SOLANA_RPC_URL, and enumerates actions that perform transfers and other onchain operations (SEND_TOKEN, SWAP_TOKEN, STAKE_SOL). These are concrete APIs/functions that sign and send transactions (transfer tokens, swap via an aggregator, stake SOL), not generic tooling. This meets the "Crypto/Blockchain (Wallets, Swaps, Signing)" criterion for Direct Financial Execution.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 8, 2026, 06:54 PM
  • Issues: 2