create-typescript-x402-client
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill wraps fetch/axios (wrapFetchWithPayment / wrapAxiosWithPayment) to make requests to arbitrary URLs (e.g., fetchWithPay("https://api.example.com/...")) and explicitly parses 402 response bodies/headers from those remote servers as part of its payment workflow, so it ingests and interprets untrusted third‑party HTTP content.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain payments: it builds clients that detect 402 Payment Required and construct and sign Algorand transaction groups, requires an Algorand wallet/private key and USDC balance, and encodes/sends payment proofs (e.g., ClientAvmSigner, algosdk.signTransaction, AVM_PRIVATE_KEY, wrapFetchWithPayment/wrapAxiosWithPayment). These are direct crypto/blockchain payment operations (signing and submitting transactions), so the skill grants direct financial execution capability.