sp3nd

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill accepts arbitrary Amazon product URLs and explicitly states "SP3ND will scrape the price and details automatically" in Step 2 / Create a Cart (SKILL.md), meaning the service fetches public Amazon pages and the scraped third‑party content is used to populate order details and payment amounts, so untrusted web content can directly influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The skill explicitly provides autonomous on-chain payment functionality — it is a payment integration, not a generic tool. It documents a full Agent API to register agents, create carts/orders, and a payAgentOrder flow that returns x402 payment requirements. It requires building and signing Solana USDC transactions (createTransferCheckedInstruction, createMemoInstruction, VersionedTransaction v0) with the agent's keypair, interacting with a facilitator (/verify and /settle) that broadcasts the transaction, and polling for on-chain payment confirmation. It includes concrete crypto details (USDC mint, treasury wallet, payTo & feePayer addresses) and a complete code example that performs the transfer. This is a specific crypto payment gateway/wallet integration that enables an agent to move funds and settle purchases — therefore it grants Direct Financial Execution Authority.