agent-protocol-interleave

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public, untrusted identity documents (e.g., A2A Agent Cards fetched from /.well-known/agent.json and ANP W3C DID documents via DID resolution) and the SKILL.md shows workflows (e.g., bisimulation-oracle converting agent_card_to_lts and did_document_to_lts) that require reading and interpreting those third-party documents to make identity/decision outcomes, so external content can influence tool use and next actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly includes an "AITP (Agent Interaction & Transaction Protocol)" section describing agent commerce and payments, names NEAR blockchain accounts + payments, and defines an "AITP-01 capability: Quote → upstream flow → payment handler". It also provides an aitp_payment_game function that models payment flows and equilibrium strategies and references AITP as natively integrating agent micropayments. These are specific, payment-focused capabilities (crypto/blockchain payments and a payment handler), not generic tooling, so this constitutes direct financial execution capability.