apiosk-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and trusts open gateway listings and runtime 402 responses (e.g., SKILL.md and the scripts using GET /v1/apis, /types//v1 and handling 402 responses from https://gateway.apiosk.com) and instructs the agent to read those responses and act (choose endpoints, construct payment proofs, and retry calls), so untrusted third‑party content can materially influence the agent's actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements a crypto payment gateway flow: it handles 402 Payment Required responses, instructs building an EIP-3009 TransferWithAuthorization payload, signing with EIP-712, creating a base64 x-payment proof header, and retrying paid proxy calls. It also exposes blockchain-related endpoints (balance, usage by wallet address) and requires wallet signatures for register/update/delete operations. These are specific tools/APIs for crypto/ blockchain payments and signing (i.e., direct financial execution), not generic browser or HTTP tooling.