ovra-agentic-payments

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's docs (SKILL.md and README) explicitly state the agent will fetch and interact with merchant checkout pages via CDP and use ovra_pay(..., action: "handle_402", url: "...") to access arbitrary URLs (e.g., "https://api.example.com/data"), meaning the agent will read and act on open/public third‑party web content which can influence payment actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payments integration. It provides a primary payment API (ovra_pay) with a "checkout" action, fine-grained intent management (ovra_intent) for declaring and verifying purchases, credential issuance (ovra_credential) to obtain DPAN + cryptogram, and virtual card management (ovra_card: issue, freeze, close, rotate). The doc states the agent "does autonomously: checkout via ovra_pay" and shows concrete examples for performing payments, handling HTTP 402 paywalls, and checking balances. These are specific tools and actions intended to move money (complete checkouts, issue virtual cards, and manage transactions), so it meets the criteria for Direct Financial Execution.