openserv-client

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly accepts and processes arbitrary user-provided content via public webhook and x402 triggers (e.g., triggers.webhook / triggers.x402 and fireWebhook/payWorkflow usages) and also lists public marketplace/x402 services via client.payments.discoverServices (no auth), so the agent will read untrusted third-party/user-submitted input as part of its workflow.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly exposes payment and blockchain APIs: it documents x402 paywall triggers with price fields, programmatic payment calls (client.payments.payWorkflow), discovery of payable services (client.payments.discoverServices), and "paywallUrl" in provision results. It also requires and uses a wallet private key (WALLET_PRIVATE_KEY), shows client.authenticate(privateKey), includes client.web3.* (credits top-up), and ERC-8004 on‑chain registration/minting (registerOnChain, requires ETH on Base). These are specific, purpose-built payment/crypto operations (sending payments, handling wallets, minting on-chain identity), not generic tooling—so the skill grants direct financial execution authority.