polygon-agent-kit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's polygon-discovery SKILL.md explicitly instructs the agent to call external x402-api.onrender.com endpoints and to pass arbitrary article/tweet URLs to polygon-agent x402-pay (e.g., ?url= or tweet links), and its "How x402 Works" section states the 402 responses from those third-party endpoints drive automatic funding/signing and retry logic—meaning untrusted, user-generated web content is fetched and can directly influence tool actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for crypto financial operations. It includes wallet creation and private key storage, EOA signing (EIP-3009), and explicit transaction commands: send, send-native, send-token, swap, deposit, bridge/fund, and x402-pay. Those are direct blockchain/payment actions (building and broadcasting transactions, swapping tokens, depositing into protocols, and making micropayments). Under the core rule, this is a specific crypto/blockchain financial execution capability, so it must be flagged.