x402

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and inspect arbitrary public endpoints (e.g., "awal x402 details " and "awal x402 pay ") and to read payment requirements and input/output schemas from those third-party URLs to decide method/payment, which exposes the agent to untrusted, user-controlled web content that can influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides a payment-capable tool: the x402 protocol commands include an awal x402 pay command that "calls an x402 endpoint with automatic USDC payment" on the Base network. It requires authentication, checks USDC balance, accepts/maximizes USDC amounts, and automates sending on-chain/stablecoin payments. This is a specific financial execution capability (crypto payments/wallet interactions), not a generic HTTP or browser tool.