solana-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to install and use the external "Solana MCP" server (e.g., via the provided claude mcp add --transport http solana-mcp-server https://mcp.solana.com/mcp command) and to "Always" consult its live Documentation Search and Expert tools as part of the workflow, meaning the agent will fetch and act on third‑party documentation/expert content that can materially influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent to add and use a live Solana MCP server at runtime via the command "claude mcp add --transport http solana-mcp-server https://mcp.solana.com/mcp", which fetches remote content used to provide live documentation/context to the agent and therefore can directly influence prompts and agent behavior (https://mcp.solana.com/mcp).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly for Solana blockchain development and includes concrete, crypto-focused execution capabilities: wallet connection and signing flows, APIs like createClient().use(signer(...)), signerFromFile()/generatedSigner(), transaction building/sending/confirmation UX, funding via airdropSigner, simulateTransaction, and actions like "create a token" and "deploy to devnet/mainnet". Those are specific crypto/blockchain signing and transaction-sending functions (i.e., direct ability to move on-chain funds/assets), so it meets the "Direct Financial Execution" criterion even though it adds guardrails about requiring user approval.