metengine-data-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime workflow and SKILL.md explicitly instruct the agent to fetch and ingest live data/docs from public endpoints (e.g., https://agent.metengine.xyz/api/v1/... for markets/wallets/pricing and remote docs at https://raw.githubusercontent.com/MetEngine/skill/...), which include user-generated market questions, trader/wallet data and summaries that the agent must read and use to decide next actions (payment, endpoint selection, fallbacks), exposing it to untrusted third-party content that could carry indirect prompt-injection vectors.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs agents to fetch remote doc files at runtime (for example: https://raw.githubusercontent.com/MetEngine/skill/main/references/core-runtime.md), and those fetched docs are used as authoritative runtime instructions that directly control the agent's prompts/behavior and are relied on by the load-order rules, so this is a runtime external dependency that can change agent instructions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly requires executing an "x402 handshake using local Solana wallet (USDC + SOL required)" and is built around a pay-per-request API that may require payment signing. It references loading payment flow details in core-runtime.md. This is not generic browsing or API calling — it specifically calls for wallet-based crypto payment signing, which is a direct crypto/transaction execution capability.