bondterminal-x402

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The CLI explicitly fetches data from a public API (default https://bondterminal.com/api/v1) and supports user-/env-overridable base URLs (BT_API_BASE_URL / --base-url), and it parses response bodies and headers (including PAYMENT-REQUIRED) to create signed payments and drive retries, so arbitrary third-party responses could materially influence tool behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements x402 pay-per-call payment flows: it requires an EVM private key (X402_PRIVATE_KEY) and the CLI "creates a signed payment" when a 402 PAYMENT-REQUIRED response is returned, then retries the call and emits settlement/transaction metadata. This is a specific crypto payment/signing capability (wallet signing of transactions) intended to move value for API calls, so it is direct financial execution functionality.