standards
Warn
Audited by Snyk on Apr 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs agents to discover and fetch agent registration JSON and .well-known/agent-registration.json hosted on IPFS or arbitrary web endpoints (e.g., agentEndpoint) and to call those service endpoints via x402Fetch. Untrusted, user-controlled content that the agent must read and act on (including signing payments and making onchain transactions) is therefore consumed at runtime (see the "Prepare the registration JSON", ".well-known/agent-registration.json", and x402Fetch examples in SKILL.md).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill explicitly describes and provides code for blockchain payment operations: EIP-3009 "transferWithAuthorization" gasless token transfers, the x402 HTTP payment protocol (402 flow), SDKs like @x402/fetch and @x402/evm, and examples that create wallets from PRIVATE_KEY and sign/settle onchain payments (facilitator POST/settle, tx hashes). It therefore grants direct crypto/blockchain financial execution capability (signing and submitting token transfer transactions and settling payments).
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata