last30days

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public, user-generated content from Reddit and X (via openai_reddit and xai_x calls and proxy endpoints like proxy-monetize.fluxapay.xyz) and from general web search (websearch), and the agent is expected to read and synthesize those third‑party posts/threads as part of its research workflow, so untrusted content can influence prompts/results.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly requires making a payment as part of its normal workflow ("To search Reddit and X with real engagement metrics, I need to make a small payment (~$0.03). Continue?") and directs the agent to follow a payment workflow (references/x402-workflow.md) when the user consents. The manifest lists paid API endpoints and references "fluxa-wallet" files (error-handle.md, initialize-agent-id.md), indicating integration with a payment/wallet flow rather than a purely generic API call. Because the skill includes an explicit payment consent step and specific payment/payment-wallet workflow endpoints, it provides the agent with the capability to initiate or trigger financial transactions (direct financial execution), not merely generic web automation or API calling.