x402
Fail
Audited by Snyk on Mar 11, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt includes code examples that directly embed a private key literal (privateKey: "0x...") and placeholders for secret keys in configuration, which encourages placing secrets verbatim in code/requests and creates exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The AI Agent Usage and client examples explicitly show the agent using fetchWithPayment/wrapFetchWithPayment to call arbitrary external URLs (e.g., agent.fetchWithPayment("https://api.market.com/prices") in the SKILL.md AI Agent Usage section), meaning the agent will fetch and act on untrusted third-party web content as part of its workflow.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a payment protocol for on-chain micropayments (Celo). It includes functions and APIs that create and settle payments: settlePayment, facilitator, wrapFetchWithPayment / fetchWithPayment, privateKeyToAccount, and serverWalletAddress / payTo addresses. The client hooks automatically handle wallet connection and payment signing; server code verifies and settles payments on-chain and accepts payment headers. It directly supports wallets, signing transactions, specifying networks, token addresses, and prices, that is, explicit crypto/blockchain payment execution and autonomous agent payments. This meets the "Direct Financial Execution" criterion.
Audit Metadata