pay-for-http-request

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and options that place secrets directly into command-line arguments and headers (e.g., --private-key, --password, -H "Authorization: Bearer token", -k KEY), which instructs the agent to embed secret values verbatim in generated commands—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to fetch arbitrary third‑party URLs (e.g., "purl " and examples like "purl https://api.example.com/premium-data" and "purl inspect https://api.example.com/endpoint"), and it negotiates/executing x402 payments based on the returned payment requirements, meaning untrusted external responses can directly influence tool decisions and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed to perform payments on blockchain networks. It implements the x402 payment protocol, manages wallets/keystores, accepts/imports private keys, checks balances, selects networks (EVM and Solana), and includes options to execute payments (e.g., --max-amount, --confirm, --dry-run) when accessing payment-gated APIs. These are concrete crypto/blockchain payment and signing capabilities — not generic HTTP tooling — and therefore constitute direct financial execution authority.