seo-audit-pro

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md and API docs explicitly instruct the agent to call x402 endpoints (/seo, /lighthouse, /links) to crawl and ingest data from arbitrary public URLs provided by the user, then to read and act on those results when generating audit recommendations. This exposes the agent to untrusted third-party webpage content that could carry indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill integrates an explicit payment protocol ("x402 micropayments") and states the API requires x402 payments and that "your x402 skill/wallet handles payment automatically." While the skill's primary purpose is SEO, it embeds a specific payment gateway/protocol and implies automatic transaction execution to pay for API calls. This is an explicit financial execution capability (sending micropayments), so it meets the criterion for Direct Financial Execution.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 03:47 PM