eth-to-sol

Warn

Audited by Snyk on Jun 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The SKILL.md explicitly requires calling the Solana Developer MCP rust_autofixer at runtime (https://mcp.solana.com/mcp) and applying its suggested fixes to the emitted Rust source, so external content from that URL would directly control code edits/agent behavior during the skill's execution.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly focused on translating token/financial smart contracts to Solana, and mandates use of Solana token primitives and CPIs that perform token movement and PDA signing. It references SPL Token (mint, ATA), token::transfer via CPI, vault/AMM/4626 protocols, CPI signing (CpiContext::new_with_signer), PDA-derived accounts that the program will sign for, and guidance around custody, vaults, and lending markets. These are concrete blockchain financial execution operations (token transfers, program-driven wallet/pda signing, vault/AMM behavior), not generic tooling — so the skill grants direct crypto/financial execution capability.

Issues (2)

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Jun 11, 2026, 09:45 PM
Issues: 2