solana
Warn
Audited by Snyk on May 6, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The setup_e2e.sh script referenced in SKILL.md runs sh -c "$(curl -sSfL https://release.anza.xyz/stable/install)", which fetches a public third-party installer script from release.anza.xyz and executes it unread as part of the required workflow. Whatever that URL serves at run time is executed with the agent's privileges, so the skill's behavior is controlled by remote content the skill neither pins nor verifies.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The setup script executes remote code at run time via sh -c "$(curl -sSfL https://release.anza.xyz/stable/install)", fetching and running the Agave installer as a required dependency of the skill. No checksum, signature or version pin is applied, so the content cannot be verified before execution and a change at the origin (or anywhere along the download path) changes what the agent runs.
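The W011 and W012 findings both come down to the same curl | sh pattern. The script below is an added example written for this page, not code from the Snyk report or from the audited skill, showing how the setup step can fetch the installer to a file, compare it against a pinned SHA-256 of the revision that was reviewed, and execute it only on a match. The function names (fetch_installer, verify_installer, run_verified_installer, install_agave_pinned) and the all-zero value of ANZA_INSTALL_SHA256 are assumptions for illustration; the stand-in installer in demo() is constructed so the script runs offline, and install_agave_pinned is defined but not called.

```shell
#!/bin/sh
# Added example (not part of the Snyk report or of the audited skill).
# Replaces the flagged pattern
#   sh -c "$(curl -sSfL https://release.anza.xyz/stable/install)"
# with: download to a file, compare against a pinned SHA-256 of the
# installer revision you reviewed, and only then execute it.
set -eu

ANZA_INSTALL_URL="https://release.anza.xyz/stable/install"
# ASSUMED placeholder digest: replace with the SHA-256 of the installer
# revision you actually read. Any upstream change then fails closed.
ANZA_INSTALL_SHA256="0000000000000000000000000000000000000000000000000000000000000000"

# Portable SHA-256 of a file (coreutils sha256sum, or shasum on macOS/BSD).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Fetch to a file rather than into `sh -c`: the bytes you hash and read are
# the bytes you run. --proto '=https' refuses redirects to plain http.
fetch_installer() {
  url=$1; out=$2
  curl -sSfL --proto '=https' --tlsv1.2 -o "$out" "$url"
}

# Returns 0 when the file's digest equals the pinned digest, 1 otherwise.
verify_installer() {
  file=$1; expected=$2
  actual=$(sha256_of "$file")
  [ "$actual" = "$expected" ]
}

# Execute only after verification; on mismatch keep the file for inspection
# and fail, so an agent workflow cannot silently continue.
run_verified_installer() {
  file=$1; expected=$2
  if verify_installer "$file" "$expected"; then
    sh "$file"
  else
    echo "refusing to run $file: SHA-256 $(sha256_of "$file") != pinned $expected" >&2
    return 1
  fi
}

# What the skill's setup step would do instead of curl | sh (not invoked here).
install_agave_pinned() {
  tmp=$(mktemp -d)
  fetch_installer "$ANZA_INSTALL_URL" "$tmp/install"
  run_verified_installer "$tmp/install" "$ANZA_INSTALL_SHA256"
}

# Offline demonstration with a constructed stand-in installer.
demo() {
  tmp=$(mktemp -d)
  printf '#!/bin/sh\necho "stand-in installer ran"\n' > "$tmp/install"
  good=$(sha256_of "$tmp/install")
  run_verified_installer "$tmp/install" "$good"          # runs: digest matches
  if ! run_verified_installer "$tmp/install" "deadbeef" 2>/dev/null; then
    echo "tampered or unreviewed installer refused"      # fails closed
  fi
  rm -rf "$tmp"
}

demo
```

Pinning a digest means the skill must be updated, and the installer re-read, whenever Anza publishes a new script; that is the intended effect, since the point of the finding is that the agent should never run remote content nobody has looked at. Vendoring the reviewed installer into the skill's repository achieves the same thing without a network fetch at all.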
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides blockchain wallet and transaction capabilities: shell commands to generate keypairs, airdrop SOL, and create, mint and hold SPL (USDC-style) tokens (spl-token create-token / create-account / mint), plus Rust code that constructs, signs and sends a transfer transaction through the Solana RPC client (send_and_confirm_transaction) and then verifies the resulting token balance change. These operations create, sign and move funds, i.e. direct financial execution. Airdrops only succeed on devnet, testnet or a local validator, but the same keypair, signing and transfer steps move real value if the configured RPC URL points at mainnet-beta, so the cluster the skill targets should be pinned and checked before any signing step.
Issues (3)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata