x402

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and inspects arbitrary public endpoints and bazaar entries (e.g., "awal x402 bazaar search", "awal x402 details ", and "awal x402 pay ") and reads their responses/schemas from untrusted third-party websites/APIs, exposing the agent to indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides a payment-capable tool: the x402 protocol commands include an awal x402 pay command that "calls an x402 endpoint with automatic USDC payment" on the Base network. It requires authentication, checks USDC balance, accepts/maximizes USDC amounts, and automates sending on-chain/stablecoin payments. This is a specific financial execution capability (crypto payments/wallet interactions), not a generic HTTP or browser tool.