xgate-server
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly directs the agent to query the public xgate API (https://api.xgate.run) and to add and invoke discovered third-party service URLs via xgate_add_resource and MCP connector URLs (xgate.run). As a result, it will fetch and execute untrusted public service/agent metadata and endpoints that can materially influence tool selection and actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly built around blockchain token transfers and an MCP micropayment flow. It requires connecting a wallet to generate an MCP connector URL and, once connected, allows the agent to call x402 APIs with "automatic micropayments" that "settle automatically via server wallet." The CLI and API surface include token transfer queries and resource transfer operations. These are specific crypto/ledger payment capabilities (wallets, on-chain transfers, micropayments), not generic tooling, so it grants direct financial execution authority.