docapi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches arbitrary public web pages via its screenshot endpoint (POST https://api.docapi.co/v1/screenshot with a "url" field), so the agent will ingest/display untrusted third‑party page content as part of its runtime workflow, which could carry instructions that influence subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provisions and uses a crypto payment flow: agents self-register and are issued a USDC wallet on Base mainnet, an on-chain USDC address is stored in environment variables, and the docs instruct the agent to autonomously send USDC to that address to top up credits (including example send_usdc / sendUsdc calls, minimum top-up, network specification, and handling 402 by sending USDC). This is a specific crypto payment/wallet integration for moving funds, not a generic API caller or browser automation, so it grants direct financial execution capability.