agentwallet

Warn

Audited by Snyk on Mar 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs the agent to fetch arbitrary target HTTPS URLs (see "x402/fetch ONE-STEP PAYMENT PROXY" and the "x402 Manual Flow") and to read response bodies and payment-required headers from those external APIs, meaning untrusted public API content can be ingested and directly influence signing/retry and other actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a wallet/payment agent. It provisions server wallets, exposes x402 payment signing (x402/fetch and x402/pay), and provides direct on-chain financial APIs: EVM transfers, Solana transfers, contract-call (including raw transactions), sign-message, and a funding onramp (Coinbase) and balance/funding endpoints. Those are specific crypto/blockchain and payment execution functions (not generic HTTP or browser tools) that can move funds or sign transactions. Therefore it grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 12:01 PM