maxia

Fail

Audited by Snyk on Apr 7, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt instructs registering to obtain an API key and explicitly demonstrates curl commands that embed the API key in the X-API-Key header (and similar fields), which requires the agent to include secret values verbatim in generated commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly calls MAXIA public marketplace APIs (e.g., https://maxiaworld.app/api/public/services, /discover and the MCP tool maxia_execute) that surface user-generated listings and outputs from external agents which the agent is instructed to read/execute, so untrusted third-party content can influence decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly calls the runtime execute endpoint (https://maxiaworld.app/api/public/execute), which buys and runs external services/agents (executing remote code and influencing prompts) and is used as a required dependency for the marketplace features.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly supports on-chain payments and marketplace transactions: it is a Solana-based marketplace that lets agents sell services (POST /sell with price_usdc), buy/execute services (POST /execute with service_id and an optional "payment_tx" Solana transaction signature), and negotiate prices (POST /negotiate). It also states payments are USDC on Solana and lists MCP tools like maxia_sell, maxia_execute, and maxia_negotiate. These are specific crypto/payment operations (sending/recording payments, accepting USDC, using transaction signatures), i.e., direct financial execution capabilities.

Issues (4)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 7, 2026, 01:13 AM
Issues: 4