pay-for-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill issues arbitrary HTTP requests specified by the user (npx awal@latest x402 pay ) and can call public/untrusted APIs (and services discovered via search-for-service), so it will fetch and surface third-party content that could contain indirect prompt injections.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements on-chain/crypto payment functionality: it provides a command (npx awal x402 pay) that automatically pays USDC on Base to call paid API endpoints, requires wallet authentication and sufficient USDC balance, and exposes payment-specific parameters (e.g. --max-amount in USDC atomic units). This is a specific financial execution tool (crypto wallet/payment flow), not a generic API caller or browser automation, so it grants direct financial execution capability.