pay-for-service
Warn
Audited by Snyk on Feb 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md "Fetching Paid Content" and Flow step 3 require calling fdx call getX402Content --url, which fetches and returns content (and payment requirements) from arbitrary x402 endpoints on the open web, so untrusted third-party responses can be read and can influence payment/agent actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly a payment tool. It uses a Finance District wallet to authorize and sign x402 HTTP payments and provides direct commands that discover payment requirements and execute payments (e.g., "fdx call getX402Content" which "authorizes payment and retrieves the content in one step", and "fdx call authorizePayment"). It also exposes wallet/balance checks (fdx status, getWalletOverview), allows choosing network/asset and setting maxPaymentAmount, and references funding/swapping wallets. This is a purpose-built payment/payment-authorization integration (multi-chain, multi-asset) — not a generic API or browser automation — and thus grants direct financial execution capability.
Audit Metadata