lucid-agent-creator

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's JS handler contract explicitly permits outbound fetches to external hosts via handlerConfig.network.allowedHosts (including the unsafe ["*"]) and shows examples fetching public APIs like https://api.weather.com, meaning handlers can ingest and act on arbitrary third-party web content at runtime.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly includes blockchain payment and signing operations: it documents Sign-In-With-Ethereum (SIWE) with a server wallet, uses functions such as createX402Payment, shows privateKeyToAccount (viem) and custom signing flows, specifies asset and USDC token addresses, payTo addresses, the setup-payment and 402/PAYMENT-SIGNATURE flow, and facilitator/payment configuration. These are concrete crypto/payment APIs and wallet-signing steps intended to transfer value (USDC) and authorize payments. This is not a generic API caller or browser automation — it is specifically designed to sign and submit blockchain payments and payment-authorization headers.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 10:42 AM