subsystem-summary-of-soroban-env

Warn

Audited by Snyk on Apr 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's Host explicitly reads and executes user-provided Wasm modules and ledger entries (e.g., "Storage" ledger entry types including ContractCode, a "ModuleCache" built from host storage, and the VM that loads and instantiates Wasm). These are untrusted third-party or user-generated inputs that the runtime parses and executes, so they can directly influence its behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is a specialized host environment for executing Soroban (Stellar) smart contracts and explicitly exposes ledger-level primitives and built-ins for assets and accounts. It documents: ledger entry types (Account, Trustline); Storage, which mediates ledger get/put/del; the e2e_invoke entrypoint, which runs host functions and returns ledger changes; fee computation and transaction resources; an AuthorizationManager (require_auth); contract lifecycle (create_contract_internal); and built-in Stellar Asset Contract modules (balance, allowance, admin, etc.). It also includes cryptographic signing and verification primitives. These are specific blockchain/financial execution capabilities (moving and recording balances, creating contracts, producing ledger diffs) rather than generic tooling, and therefore constitute direct financial execution authority.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 29, 2026, 10:09 AM
Issues
2