x402-stacks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill makes HTTP requests to arbitrary service URLs and parses their responses (e.g., x402scan registration/validation at https://scan.stacksx402.com which fetches user-provided "url" endpoints, plus the x402Request/axios flows that GET arbitrary URLs and parse 402 headers/body), so the agent will read and interpret untrusted third-party content.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly designed for on-chain payments: it provides wallet keypair generation and private-key loading (privateKeyToAccount, generateKeypair), constructs and signs STX/sBTC token transfer transactions (makeUnsignedSTXTokenTransfer, stx_signTransaction), a server-side auto-pay client (wrapAxiosWithPayment) that performs payments on HTTP 402 responses, and an Express paymentMiddleware to require/settle payments. These are concrete crypto/blockchain payment operations (wallet management, transaction creation/signing, and payment settlement), so it grants direct financial execution capability.