buy

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that hard-code private keys (e.g., const privateKey = "0x...") and instruct using WALLET_PRIVATE_KEY in runtime, which can encourage an agent to insert or echo secret key values verbatim into generated code or commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs agents to fetch and pay arbitrary HTTP(S) endpoints and to decode and parse untrusted 402 responses and PAYMENT-REQUIRED headers (and use Bazaar discovery results) so the agent will read/interpret public third‑party resource schemas and content that could carry indirect prompt injections.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform on-chain and token payments: it instructs agents to create and use wallets, store and use private keys, top up USDC, register EVM/Solana signing schemes, and call SDKs (x402-fetch, @x402/evm, viem, etc.) to sign and send payments for HTTP 402 payment-required flows. It lists USDC token addresses, network IDs, and concrete code examples that programmatically authorize and submit payments and check payment receipts. This is a specific, finance-focused capability (crypto wallets + transaction signing + token transfers), not a generic tool, so it grants direct financial execution authority.