x402

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and interprets arbitrary third-party web content and service metadata (e.g., via "awal x402 details ", "awal x402 pay ", and bazaar search/listing), meaning it ingests untrusted public URLs and user-provided service responses as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides a payment-capable tool: the x402 protocol commands include an awal x402 pay command that "calls an x402 endpoint with automatic USDC payment" on the Base network. It requires authentication, checks USDC balance, accepts/maximizes USDC amounts, and automates sending on-chain/stablecoin payments. This is a specific financial execution capability (crypto payments/wallet interactions), not a generic HTTP or browser tool.