x402-on-skale

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's agent client code (see SKILL.md and examples/complete-setup.md) calls fetch(url) on arbitrary endpoints (e.g., "https://api.example.com/api/data"), reads response.json() and response headers to parse payment challenges via httpClient.getPaymentRequiredResponse, and then uses that untrusted third-party response to construct payment headers and drive follow-up requests, so external content can materially influence agent actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly implements crypto payment functionality: it defines payment middleware with payTo addresses and token contract addresses, includes network IDs for SKALE, references ERC-3009 (TransferWithAuthorization), and provides client/server APIs (HTTPFacilitatorClient, x402HTTPClient, x402Client, ExactEvmScheme) to create payment payloads, sign them using a private key (privateKeyToAccount), encode payment signature headers, and perform agent-to-agent/autonomous payments. These are specific, purpose-built blockchain payment operations (wallet signing and transaction/payment submission), not generic I/O; the skill therefore grants Direct Financial Execution capability.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 23, 2026, 02:24 PM
Issues
2