solana-agent-kit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on external, user-controlled content — e.g., the Blinks plugin's executeBlink accepts an arbitrary blinkUrl to fetch/execute remote content and NFT actions accept URIs (e.g., arweave.net) plus external APIs (CoinGecko/Helius/RPC) that the agent reads and can use to drive on-chain actions — exposing it to untrusted third-party instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly built to perform Solana blockchain financial operations. It exposes concrete actions/APIs for sending transactions and managing assets (e.g., deployToken, transfer, trade/swap, limitOrder, perpetualTrade, bridge, stake, sendCompressedAirdrop), includes wallet/private-key configuration and embedded wallet integrations (KeypairWallet, TurnkeyWallet, PrivyWallet), and provides autonomous execution (agent.execute, MCP tools like TRANSFER and TRADE). These are specific, purpose-built capabilities to move crypto funds, so it grants direct financial execution authority.