pay-for-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs calling arbitrary x402-enabled API endpoints via npx agnic x402 pay "" and ingesting their JSON responses as part of the workflow, so the agent will fetch and act on untrusted third-party content from user-supplied URLs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill runs "npx agnic@latest" in its runtime examples, which fetches and immediately executes remote npm package code from the registry (i.e., externally fetched code is required and executed), so it relies on and runs untrusted remote code.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill explicitly performs payments: it uses AgnicPay/x402 CLI commands to check balance and send paid x402 requests (including POST bodies), returns a transactionHash and cost, and references a network. Its primary purpose is to execute payments/transactions, so it grants direct financial execution authority.