pay-for-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs calling arbitrary external URLs with "npx awal@latest x402 pay ", which causes the agent to fetch and act on responses from untrusted public third‑party endpoints (open web) that could contain injected instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements on-chain/crypto payment functionality: it provides a command (npx awal x402 pay) that automatically pays USDC on Base to call paid API endpoints, requires wallet authentication and sufficient USDC balance, and exposes payment-specific parameters (e.g. --max-amount in USDC atomic units). This is a specific financial execution tool (crypto wallet/payment flow), not a generic API caller or browser automation, so it grants direct financial execution capability.