use-agently

Warn

Audited by Snyk on Mar 6, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill instructs the CLI to fetch and interpret data from the public Agently marketplace and MCP servers (e.g., use-agently agents, use-agently a2a card --uri , use-agently mcp tools --uri ). These are untrusted third-party sources, and the workflow explicitly tells the agent to read their agent/tool descriptions and cards and then act on them (including calling tools and authorizing payments), which enables indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly manages and uses a crypto wallet and on-chain payments. It creates an EVM private key (init), requires funding with USDC on Base, exposes balance/whoami diagnostics, and provides protocol commands with a --pay flag that "authorize the payment and proceed" (micropayments, transaction costs shown in USDC, and sending transactions). These are specific crypto/blockchain payment capabilities (wallet creation, signing/sending transactions), not generic tooling — therefore it grants direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 04:11 AM