pg-buy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and commands reference required workflows like "proxygate apis", "proxygate listings docs ", and "proxygate proxy ..." which fetch public marketplace listings, seller-provided docs, and upstream API responses (untrusted/user-generated third‑party content) that the agent reads and can change subsequent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides commands and SDK methods to move money: it instructs depositing USDC (proxygate deposit with lamports amounts), requires a Solana wallet and RPC, auto-initializes a vault, and supports withdrawing credits back to USDC (proxygate withdraw, withdraw-confirm with tx signature). These are direct crypto/blockchain financial operations (wallet-based transfers and transaction confirmations), not generic tooling. Therefore it grants direct financial execution capability.