search-for-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's SKILL.md shows it searches and fetches marketplace entries from the x402 bazaar (via the CDP API) and even probes arbitrary public endpoints with the details <url> command, which clearly ingests untrusted third-party web content that could influence subsequent service selection or calls.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs running "npx awal@latest x402", which at runtime fetches and executes remote code from the npm registry (e.g., registry.npmjs.org), so the fetched package can directly control agent behavior and is a required runtime dependency.