media-generation

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires running the remote npm package via "npx agentcash@latest" (which fetches and executes code from the npm registry, e.g. https://registry.npmjs.org/agentcash) at runtime, so it downloads and runs external code as a required dependency.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly requires and documents payment integration: it instructs use of "x402 payments" and the agentcash CLI (including "fetch" and "fetch-auth") and refers to wallet setup. Those are specific crypto/wallet/payment primitives (signing/authorization) used to execute paid generation requests, so the skill includes direct financial execution capability.