workout-generator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to attach a base64-encoded signed Solana transaction as the X-PAYMENT header (a sensitive, secret-containing value) in a subsequent POST, which requires emitting that exact secret-bearing value verbatim in the request output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required x402 payment flow instructs the agent to POST to https://workout-rho-eight.vercel.app/api/agent/generate-workouts, read the HTTP 402 response body (payment requirements) from that third-party server, and then sign and return a transaction based on that data, i.e., the agent ingests untrusted remote content that directly drives signing/subsequent requests.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly requires on-chain crypto payment handling: it uses the x402 payment protocol on Solana, requires 0.01 USDC, and instructs the client/agent to "Sign a Solana transaction" and include the base64-encoded signed transaction as an X-PAYMENT header so the facilitator can broadcast it. It also references wallet configuration and balance checks (lobster.cash). This is a specific blockchain payment flow (transaction signing) — not a generic API or browser automation — and therefore constitutes direct financial execution capability.