jupiter-lend

Audited by Snyk on Apr 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md includes runtime workflows that query public, user-controlled on-chain data (e.g., client.vault.getAllUserPositions and other reads against the public RPC "https://api.mainnet-beta.solana.com") and then use those results to decide on and build transactions. Because any party can write to that on-chain state, untrusted third-party content can materially influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly exposes write SDK functions for moving funds on-chain: @jup-ag/lend (write) with operations like deposit, withdraw, borrow, repay, getOperateIx and getFlashloanIx. The docs include concrete examples that build, sign (Keypair/signer), and send transactions (connection.sendTransaction / VersionedTransaction), create/modify vault positions, execute flashloans, and use MAX_REPAY_AMOUNT / MAX_WITHDRAW_AMOUNT sentinels. This is a purpose-built financial integration for lending/borrowing on Solana (program IDs provided) and therefore grants direct financial execution capability.

Issues (2)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 17, 2026, 04:31 PM
Issues: 2