birdeye
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch live, public Birdeye API and WebSocket data from https://public-api.birdeye.so (e.g., /defi/v3/token/meme/list, /defi/v2/tokens/new_listing, /v1/wallet/tx_list and the SUBSCRIBE_* channels). These are open, third-party, user-driven token listings and on-chain feeds that the agent is expected to read and use to drive analysis and actions, so untrusted external content could indirectly inject instructions or influence the agent's behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly includes crypto payment and wallet functionality. It documents an "x402 pay-per-request" mode that charges USDC per call and is used "when agent has a Solana wallet," includes an examples/x402/pay-per-request.ts, and references wallet endpoints (wallet net-worth, pnl, tx_list, /v1/wallet/simulate). These are specific, crypto-focused APIs (agent-native payments / Solana wallet usage) rather than generic HTTP or browser tooling, so the skill enables direct crypto financial execution.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata