build-defi-protocol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires testing against forked mainnet state via Surfpool and shows code fetching public on-chain accounts (e.g., real Raydium pool reserves and Pyth feed via connection.getAccountInfo and program.account.pool.fetch) — untrusted public third-party content that the agent is expected to read and that can materially influence decisions and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill is explicitly and specifically designed to build on-chain DeFi protocols on Solana. The workflow and non‑negotiables call out value-moving program instructions (deposit, withdraw, swap, borrow, repay), custody vaults and PDA-controlled authorities, oracle validation for price-sensitive operations, emergency pause/authority and multisig control, and testing against mainnet liquidity — all of which are directly about creating smart-contract code that will move and manage real crypto assets. It therefore qualifies as a direct crypto/blockchain financial execution capability (not a generic tool).