x402storage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches and displays content from public x402.storage IPFS URLs (see "Recall Flow" — "Fetch that URL using WebFetch" — and "Fetch Flow" — "Fetch content using WebFetch"), which are user-uploaded, public third‑party content and thus could carry indirect prompt-injection payloads.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches runtime content from x402.storage (https://x402.storage/{cid}) via WebFetch to "restore context" and memory, meaning externally-hosted content is loaded at runtime and can directly influence the agent's prompts and behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly manages blockchain wallets and on-chain payments for storage. It includes commands to generate EVM and Solana wallets, show wallet addresses and balances, switch active wallets, and instructs the user to "Send {USDC/SOL} to: {address}" to pay for storage. The flows reference wallet-generation tools (npx @x402storage/mcp --generate-evm-wallet / --generate-sol-wallet) and MCP wallet tools (mcp__x402storage__wallet, mcp__x402storage__set_active_wallet). Because it is specifically designed around crypto wallets and paying for storage with USDC/SOL, it meets the "Crypto/Blockchain (Wallets...)" criterion for direct financial execution authority.