create-python-x402-facilitator-bazaar
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt contains an apparent credential-like string (AVM_NETWORK: "algorand:SGO1GKSzyE7IEPItTxCByw9x8FmnrCDexi9/cOUJOiI=") and shows it being embedded directly in example configuration, which would require the LLM to reproduce a secret verbatim if it emits the example code.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's client code calls client.extensions.discovery.list_resources() via HTTPFacilitatorClient against a public FACILITATOR_URL (e.g., https://x402.org/facilitator) and then reads/prints resource.url and resource.metadata, which clearly fetches and interprets arbitrary third-party discovery metadata from public sources.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly built for payment-gated APIs and integrates blockchain payment mechanisms: it defines PaymentOption objects with pay_to/price/network, references an AVM (Algorand) network and AVM_ADDRESS, registers ExactAvmServerScheme(), processes payment_payload/payment_requirements via extract_discovery_info, and installs payment middleware for routes. These are specific, finance-focused APIs/mechanisms (crypto/blockchain payment handling) rather than generic tooling, so it grants direct financial execution authority.
Audit Metadata