bios-deep-research

Warn

Audited by Snyk on Mar 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly sends queries to and polls results from the public BIOS deep-research API (https://x402.chat.bio.xyz/api/deep-research/{conversationId}), meaning the agent ingests third‑party research content that can influence subsequent actions and thus could carry indirect prompt-injection instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements crypto payment flows and signing operations. It uses USDC on Base and the x402 payment protocol, requires a wallet, and includes concrete tools and examples to authorize and execute payments:
      • Direct payment flow: EIP-712 payment authorizations (sign_typed_data) and submitting X-PAYMENT / PAYMENT-SIGNATURE headers to complete paid requests.
      • Concrete signing/execution options: Coinbase Agentic Wallet CLI (npx awal) that "handles x402 payment negotiation ... and payment in one command" (agentic automated payments), private-key signing examples (ethers.js, eth_account, viem), CDP SDK programmatic signing, and x402 client libraries.
      • On-chain tx examples: building, signing, and sending a web3/viem transaction to the ReputationRegistry (giveFeedback), which demonstrates constructing and sending a blockchain transaction.

These are specific, actionable crypto payment and transaction capabilities (wallet signing, sending payment authorizations, and submitting on-chain transactions), so this skill grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 14, 2026, 09:11 AM
  • Issues: 2