checkout

Fail

Audited by Snyk on Feb 27, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to place an x402 payment payload verbatim into the X-PAYMENT request header (and to re-use payment payloads for authorizations), which requires the LLM to handle and emit secret/signed payment data directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill requires the user to supply a public product page URL and sends that URL in the Step 1/Step 2 request body (the "items.url" field posted to https://checkout-agent.credpay.xyz), which implies the service will fetch/scrape open third-party webpages and use their content to determine quotes and payment actions, exposing the agent to untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute payments. It uses a checkout API that requires an X-PAYMENT header containing an "x402 payment payload" to pay a quoted USDC amount on a specific blockchain (Default chainId 8453 — Base). It includes endpoints to submit the payment (checkout), handle payment authorization, and poll for completion. This is a direct crypto/payment gateway integration (sending signed payment payloads), so it grants direct financial execution capability.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 27, 2026, 04:30 PM