last30days
Warn
Audited by Snyk on Mar 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public, user-generated content from Reddit, X, and the web (see SKILL.md "Research ANY topic across Reddit, X, and web" and SPEC.md + scripts/last30days.py which call openai_reddit.py, xai_x.py, and websearch), and it parses/scores that untrusted content to synthesize outputs and prompts that drive agent actions, creating a clear avenue for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.85). The skill performs runtime fetches to the proxy endpoints (e.g. https://proxy-monetize.fluxapay.xyz/api/openai-api-endpoints/web_search and https://proxy-monetize.fluxapay.xyz/api/grok-api-call/v1/responses) to obtain JSON search/payload data that is injected into the agent's context and used to drive generated prompts, so these external URLs directly control agent instructions at runtime.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly requires making a payment as part of its normal workflow ("To search Reddit and X with real engagement metrics, I need to make a small payment (~$0.03). Continue?") and directs the agent to follow a payment workflow (references/x402-workflow.md) when the user consents. The manifest lists paid API endpoints and references "fluxa-wallet" files (error-handle.md, initialize-agent-id.md), indicating integration with a payment/wallet flow rather than a purely generic API call. Because the skill includes an explicit payment consent step and specific payment/payment-wallet workflow endpoints, it provides the agent with the capability to initiate or trigger financial transactions (direct financial execution), not merely generic web automation or API calling.
Issues (3)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).