kryptogo-pay-checkout

Warn

Audited by Snyk on Mar 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly calls KryptoGO's public APIs (e.g., https://wallet.kryptogo.app/v1/studio/api/payment/intent) and requires handling incoming webhook payloads (e.g., /payment/callback parsing req.body and order_data), which are untrusted third-party content the agent is expected to read and that directly drive actions like updating orders and refunds.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). This skill is explicitly designed to implement crypto payment flows and to move value. It provides concrete payment APIs and SDK hooks: creating Payment Intents (createPaymentIntent endpoint and /v1/studio/api/payment/intent), a front-end usePayment hook that opens a payment modal and returns txHash, and an asset transfer endpoint (/v1/studio/api/asset_pro/transfer) for token transfers/withdrawals. It requires API keys (X-STUDIO-API-KEY, X-Client-ID) and webhook handling for payment status. These are specific, actionable financial operations (crypto payments and transfers), not generic tooling.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 11:16 AM
Issues: 2