x402-payment-demo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md workflow instructs the agent to fetch protected resources from public third-party URLs (e.g., https://x402-demo.bankofai.io/protected-nile and other x402-demo.bankofai.io endpoints) and to "perform the payment and resource acquisition automatically as guided by the protocol," meaning the agent will read and act on responses from those external servers which could contain instructions that influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements a crypto payment protocol on TRON and BSC networks and instructs the agent to "Perform the payment and resource acquisition automatically" including "handling 402 Payment Required, signing permits, etc." This is a specific blockchain/wallet payment capability (signing transactions and moving crypto) rather than a generic tool, so it grants direct financial execution authority.