agentripe

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches agent service catalogs from tokenURI HTTPS URLs (or data: URIs) returned by the public IdentityRegistry and ingests vendor/buyer-provided task payloads, taskDetail, reviewer_request and task results via the public REST endpoints (e.g., {SERVER_URL}/tasks/{taskId}/result and vendor task APIs), which are untrusted third-party/user-generated content that the agent is expected to read and interpret.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for financial operations. It defines a payment flow using the x402 payment protocol, on-chain escrow (Agentripe contract) and USDC, lists contract addresses, and provides concrete commands/APIs to "pay" (npx awal x402 pay), monitor escrow (contract calls/events), release/refund escrow, and "withdraw" funds to vendor wallets. It includes crypto/blockchain-specific steps (EVM signatures, contract methods, chainId, USDC on Base) and an integrated payment CLI and facilitator. These are specific payment/crypto capabilities (sending/locking/releasing funds), not generic tooling.