pubmed-trends
Warn
Audited by Snyk on Mar 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to fetch and pay for data from the public API at https://pubmed.sekgen.xyz (e.g., /keypapers, /digest, /trends) and to read/interpret returned publication metadata and paper lists—public, user-curated/web-origin content that the agent ingests and uses to drive analyses and decisions—so untrusted third-party content could influence actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly requires and demonstrates payment commands using the x402 companion skill from coinbase/agentic-wallet-skills (e.g., "awal x402 pay 'https://...'" and specifies USDC micropayments on Base with per-endpoint prices). These are direct crypto payment instructions (sending funds) rather than generic API access, so the skill provides explicit capability to execute financial transactions.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata