polygon-discovery

Warn

Audited by Snyk on May 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch public, user-generated content via the x402-api (e.g., Read Twitter/X Profile at https://x402-api.onrender.com/api/twitter, Web search/Google News endpoints, and Article → Markdown via ?url=), so the agent will ingest untrusted third-party web/social content that could materially influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain token payments from the agent's smart wallet. It requires creating or using a wallet (polygon-agent wallet create/list/address/balances) and funding it with USDC, and the x402-pay flow automatically funds the EOA, signs an EIP-3009 payment authorization, and retries the request. These are direct crypto payment/signing operations (moving USDC) rather than generic HTTP or browsing actions, so the skill grants direct financial execution capability.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 1, 2026, 12:59 PM
  • Issues: 2