build
Fail
Audited by Snyk on May 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt explicitly instructs configuring and using API keys (e.g., "Use setHeliusApiKey with their key" and SDK examples with apiKey fields), which can require the agent to accept and embed user API keys verbatim in tool calls or generated code, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to call the DAS API and GET asset endpoints which include off-chain metadata from Arweave/IPFS (see references/das.md and SKILL.md "Get All Assets for a Wallet" / "Get a Single Asset" / "NFT detail pages"), meaning the agent will ingest and act on arbitrary public, user-generated content that could contain injected instructions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides and instructs use of transaction-sending and token-transfer functionality on Solana: it documents Sender endpoints, MCP tools like transferSol and transferToken, swap APIs (DFlow, Jupiter, Titan), and rules that “ALWAYS use Helius Sender endpoints for transaction submission.” It also describes agentic signup and funding flows that require on-chain payments (fund wallet with SOL/USDC) and billing/payment actions (payRenewal, upgradePlan, agenticSignup). These are specific, built-in financial execution primitives (sending transactions, transferring tokens, performing swaps, and on-chain payments), not generic tooling. Therefore it grants Direct Financial Execution Authority.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata