marketplace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to discover and call marketplace capabilities for "web scraping" and to accept task payloads (including arbitrary URLs/content) via worker/webhook flows (see SKILL.md, reference/buying.md, and reference/worker.md/webhook-hosting.md), which means it ingests untrusted, user-provided third-party web content and uses those results to drive tool use and follow-up actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a marketplace for buying, selling and paying with platform credits, and it states that earned credits are withdrawable as USDC or to a bank account. It offers CLI commands (balance, transactions, me) and a TypeScript SDK / API reference for programmatic use, and discusses withdrawing real money (USDC or bank transfer). These are specific financial actions (crypto withdrawal and bank transfers) rather than generic tooling, so it provides direct financial execution capability.