t2000-pay

Warn

Audited by Snyk on Feb 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md Flow and examples show the skill performs HTTP requests to arbitrary third-party URLs and reads the PAYMENT-REQUIRED header/terms from those responses to decide and execute payments, so untrusted external content from those endpoints can directly influence agent behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly designed to execute payments. It uses the t2000 wallet to sign and broadcast USDC payments on the Sui network as part of an automated x402 402-payment handshake, enforces and checks balances/limits (e.g., --max-price, INSUFFICIENT_BALANCE), and retries the request with payment proof. These are concrete crypto wallet/payment operations (signing and sending on-chain transactions), not generic HTTP or automation functionality.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 01:20 PM