x402
Warn
Audited by Snyk on Mar 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's middleware explicitly contacts a third-party facilitator service (configured via NEXT_PUBLIC_FACILITATOR_URL, default https://x402.org/facilitator) using HTTPFacilitatorClient and relies on the facilitator's verification/settlement responses to decide whether to serve protected content, so external untrusted responses can directly influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill calls the facilitator service at https://x402.org/facilitator (set via NEXT_PUBLIC_FACILITATOR_URL) at runtime to verify payments and perform/trigger on-chain settlements, making that external URL a required runtime dependency that executes remote actions and directly controls runtime behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to integrate the x402 crypto payment protocol into a project. It configures onchain payments (USDC), requires a RESOURCE_WALLET_ADDRESS and CAIP-2 network, registers EVM schemes, and uses a facilitator that verifies signatures and executes onchain USDC transfers. It also includes client and CLI code to register a signer/private key and perform signed payment requests. These are specific crypto/blockchain payment and settlement capabilities (wallets, signing, onchain transfers), so it grants direct financial execution authority.
Issues (3)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata