pay-for-service

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and issues HTTP requests to arbitrary URLs via the npx awal@latest x402 pay <url> command, meaning it will fetch and process open/public third‑party web content (e.g., APIs or webpages) which could contain untrusted or user-generated data capable of carrying indirect prompt injections.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly implements on-chain/crypto payment functionality: it provides a command (npx awal x402 pay) that automatically pays USDC on Base to call paid API endpoints, requires wallet authentication and sufficient USDC balance, and exposes payment-specific parameters (e.g. --max-amount in USDC atomic units). This is a specific financial execution tool (crypto wallet/payment flow), not a generic API caller or browser automation, so it grants direct financial execution capability.