x402
Warn
Audited by Snyk on May 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses untrusted public third‑party endpoints (e.g., PAYMENT-REQUIRED from paid APIs, facilitator /health /supported /verify /settle at https://facilitator.radiustech.xyz and alternative facilitators, and discovery endpoints like https://api.cdp.coinbase.com/…) as required runtime steps (see SKILL.md and references/*), and those responses directly drive signing, payment amounts, payTo addresses, and subsequent verify/settle actions—so third‑party content can materially influence agent behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly a payment integration for x402 micropayments. It contains concrete crypto payment tooling and workflows: signing EIP-2612 + Permit2 permits, client helper script (scripts/x402-pay.mjs) that signs and pays, viem-based signing instructions, Permit2 proxy and token contract addresses, facilitator URLs (/verify, /settle), server-side processPayment() patterns, and environment vars like PAYMENT_ADDRESS and PRIVATE_KEY. The skill's primary purpose is to move/value-transfer SBC tokens (monetize APIs, consume paid APIs, settle payments). This is not a generic HTTP or automation tool — it is specifically for executing crypto payment flows.
Issues (2)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W009 MEDIUM: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata