x402-wach

Warn

Audited by Snyk on Feb 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required verify-risk workflow pulls token reports and a Source link from TokenSense (https://tokensense.wach.ai//) and returns sections such as "Social & Community", which are third-party/user-generated content. The agent is expected to read this content and use it to drive its analysis, which exposes it to untrusted external input.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly integrates AWAL-managed wallet custody and x402 payments. It exposes wallet commands (wallet setup, login, verify, balance, address, status) and a paid operation (x402-wach verify-risk) that charges USDC on Base. It enforces payment guardrails, caps, and readiness checks, and the programmatic API (verifyTokenRisk/getAwalReadiness) performs paid calls. This is a specific crypto payment execution capability (sending USDC on Base via AWAL), not a generic tool, so it provides direct financial execution authority.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 12:28 PM