nipper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Quickstart and Getting Started workflows explicitly instruct the agent to call open endpoints (e.g., GET /v1/marketplace/search and GET /v1/marketplace/apps/{app_id}) to fetch third-party-published app metadata, capability descriptions, and examples (user-generated/untrusted content) which the agent must read and which can materially influence which capabilities it invokes and how it behaves, enabling indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). Yes. The Nipper skill explicitly implements crypto/banking payment flows: wallet generation, SIWE registration, on-chain self-deposits (approve, deposit, depositFor), programmatic payment via the x402 protocol (EIP‑712 TransferWithAuthorization signatures), card-finalize flow that requires submitting signed authorizations, balance checks/holds/settlement, and withdrawals (POST /v1/withdrawals) that send funds to a linked wallet. These are concrete APIs and instructions to move USDC on-chain and update platform balances — not generic tooling — so it grants direct financial execution authority.