moonpay-commerce

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to browse and query Solana Pay–enabled Shopify stores (via Shopify MCP endpoints) to retrieve product listings and details from public stores, which are untrusted third-party content the agent must read and act on (search/add to cart/checkout), creating a clear avenue for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements crypto payments: it has a "checkout" command that initiates a Helio/Solana Pay payment, requires a wallet name, signs the transaction locally, and submits the transaction (buyer pays in USDC). It mentions transaction signatures, Helio covering gas, and related skills for wallet setup and token swaps. This is a specific cryptocurrency payment flow (wallet signing + transaction submission), i.e. direct financial execution.