phone-calls
Warn
Audited by Snyk on Mar 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill fetches and ingests transcripts and summaries from a public third-party API (https://stablephone.dev/api/call and the "Check Call Status" response fields transcript/transcripts/summary in SKILL.md), and those user-generated call transcripts are read and used in the workflow (polling and "review transcript and summary"), so untrusted third-party content could influence agent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill repeatedly requires running "npx agentcash@latest fetch" to interact with https://stablephone.dev at runtime, and npx will fetch and execute remote npm package code (agentcash) on the host, so this is a required runtime dependency that executes remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill includes explicit, purpose-built payment endpoints and wallet integration for purchasing and maintaining phone numbers and for paid calls. The Quick Reference lists prices and shows API endpoints that perform transactions (POST https://stablephone.dev/api/number to buy a number, POST https://stablephone.dev/api/number/topup to top up, POST https://stablephone.dev/api/call to place a paid call), references wallet usage (querying numbers by wallet=0x..., "wallet setup", and npx agentcash@latest wallet info). These are specific financial actions (buy/top-up/send paid calls) rather than generic tooling, so the skill grants direct financial execution capability.
Issues (3)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).