Agent Arena

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls public Agent Arena APIs (e.g., SKILL.md's GET https://agentarena.site/api/search and GET https://agentarena.site/api/agent/{chainId}/{agentId}) which return full agent profiles, user-submitted reviews, and machine-readable "hiring instructions" (and exposes .well-known agent-card/MCP/OASF records), so the agent would ingest untrusted, user-generated third‑party content that could materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly integrates crypto payments: it requires USDC payments via the x402 micropayments protocol on Base mainnet for actions (search, register, update), returns txHash values, exposes agentWallet addresses, and lists supported blockchains and on-chain identity. This is a specific blockchain/crypto payment integration (not a generic HTTP caller or browser automation) and thus provides direct financial execution capability.