teach-algorand-x402

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's client and server examples explicitly fetch and parse untrusted HTTP responses (e.g., client.fetch("https://api.example.com/premium/data")) and rely on external facilitator and Algorand endpoints (e.g., https://facilitator.goplausible.xyz, https://testnet-api.algonode.cloud) to provide PaymentRequirements and transaction payloads that the agent is expected to read and act on, exposing it to arbitrary third‑party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements on-chain payment flows using Algorand: clients build and sign Algorand transaction groups, facilitators simulate, sign fee-payer transactions, and submit atomic groups to the Algorand network. It references private keys (AVM_PRIVATE_KEY), algod endpoints, SDK packages (algosdk, x402-avm), and an online facilitator URL. These are specific crypto/blockchain payment and signing actions (wallet/private-key signing and submitting transactions), which constitute direct financial execution authority.