phone-calls

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls the external StablePhone API (https://stablephone.dev) and its SKILL.md explicitly returns and instructs the agent to "Review transcript and summary" (response fields include "transcript", "transcripts", and "recording_url"), meaning the agent will ingest untrusted, user-generated call transcripts from a third-party service that could contain instructions influencing subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires running the npx agentcash@latest CLI which fetches and executes remote code and is used at runtime to call the external API (e.g., npx agentcash@latest fetch https://stablephone.dev/api/call), so this external dependency executes remote code and is required.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit paid endpoints and wallet interaction for purchasing and topping-up phone numbers and for making paid calls (prices listed, "Buy phone number" and "Top up number" endpoints, and instructions to set up a wallet and use agentcash commands such as balance and fetch). These are concrete API actions that cause payments (i.e., send transactions to purchase services), so the agent can directly initiate financial operations.