okx-a2a-payment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches the seller-issued "on-server challenge" during the Buyer → Pay flow and "signs the on-server challenge as-is" (see "Buyer — Pay a Payment Link" / Workflow A in SKILL.md), meaning it ingests external, potentially untrusted server-provided content that directly controls signing behavior and tool use.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). This skill explicitly implements agent-to-agent on-chain payments. It wraps the onchainos CLI commands to create payment links and to execute payments: onchainos payment a2a-pay create (creates a paymentId for a token amount/symbol/recipient) and, crucially, onchainos payment a2a-pay pay which fetches an on-server challenge, TEE-signs an EIP-3009 authorization and submits the credential, producing on-chain effects (tx_hash, status transitions, confirmations). The skill requires authenticated wallet sessions, accepts amount/symbol/recipient inputs, and auto-polls for on-chain settlement—all of which are specific, explicit crypto payment execution capabilities rather than generic tooling. Therefore it grants direct financial execution authority.