light-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly creates RPC connections to third-party endpoints (e.g., Helius URLs via createRpc in SKILL.md and examples like examples/querying/fetch-accounts.ts) and repeatedly calls RPC methods (rpc.getCompressedTokenAccountsByOwner, getCompressedAccount, getValidityProof, etc.) to fetch public on-chain/user-generated data which the code then interprets to make decisions (balance checks, branching, minting, transfers), so untrusted external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly a Solana token protocol SDK and guide. It provides concrete APIs and example code for creating mints, minting tokens, transferring tokens, compressing/decompressing tokens, creating token pools, wrapping/unwrapping tokens, approving delegates and delegated transfers, and RPC methods that submit transactions (e.g., createMint, mintTo, transfer, transferDelegated, createLightMint, wrapSpl, decompress). Those are direct crypto financial actions (minting/transferring tokens and submitting signed transactions), not generic tooling. Therefore it grants Direct Financial Execution capability.