agentic-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and returns NFT metadata and tokenUri-resolved content from the public Agentic Gateway endpoints (see references/data-nft-api.md and references/data-portfolio-apis.md which include ownedNfts[].raw.metadata, tokenUri, image.originalUrl, etc.), i.e. arbitrary public/user-generated content the agent is expected to read and use, which can materially influence decisions or subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform crypto payments and wallet-based signing. It requires a wallet, instructs funding with USDC, shows commands to sign SIWE messages with a private key, and includes a payment flow using the x402 protocol (e.g., npx @alchemy/x402 pay, createPayment()), plus integration libraries for x402. These are specific blockchain/crypto payment capabilities (wallets, signing, and sending USDC payments), not generic tooling, so it grants direct financial execution authority.