moonpay-missions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and read public third‑party content—e.g., "mp token trending list" in Mission 2 and "mp prediction-market market trending list --provider polymarket" plus "mp prediction-market market event retrieve" in Mission 8—which the agent must interpret to choose tokens/markets and then take follow‑on actions (research, swaps), so untrusted/user-generated content can materially influence behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for cryptocurrency and fiat transactions. It exposes CLI commands that build, sign, and broadcast on-chain transactions (e.g. mp token swap, mp token transfer, mp token bridge), create and manage wallets (mp wallet create, mp token balance list, mp bitcoin balance retrieve), and generate fiat checkout links for purchases (mp buy --token ... --amount ... --wallet ... --email ...). It also mentions virtual accounts (mp virtual-account create) and message signing for verification. These are specific financial execution capabilities (sending swaps/transfers, broadcasting transactions, and initiating fiat buys), not generic tooling.