omni-x402

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). omni-x402 fetches public, user-generated social media content (e.g., tweets and Instagram posts via /user-tweets, /followers, /instagram/posts on https://omniapi-production-7de2.up.railway.app), which the agent is expected to retrieve and interpret, exposing it to indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly enables on‑chain/crypto payments: it requires an authenticated wallet, shows how to fund it with USDC (send USDC on Base or use Coinbase Onramp), and instructs agents to call npx awal@latest x402 pay which "handles USDC payment automatically" per request via the x402 protocol. This is a specific crypto payment flow (wallet operations and automated transaction payments), not a generic API caller or browser automation, so it grants direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 03:53 PM