create-typescript-x402-facilitator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly extracts and catalogs discovery metadata provided in paymentPayload/paymentRequirements (see extractDiscoveryInfo used in facilitator.onAfterSettle and the /discovery/resources API, plus withBazaar/HTTPFacilitatorClient listResources), meaning it ingests and serves untrusted third-party resource URLs/metadata from external resource servers that the agent reads and interprets.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to verify and settle on-chain Algorand payments. It requires an Algorand account and private key, uses algosdk for transaction signing, simulation, and submission (signTransaction, sendTransactions/sendRawTransaction, waitForConfirmation), and implements a FacilitatorAvmSigner that co-signs and sends fee-payer transactions. These are direct crypto/blockchain wallet and transaction execution capabilities, so it grants direct financial execution authority.