x402-card

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's create flow clearly fetches payment requirements from an external x402 server (see "Step 2: Create" / references/create-card.md and references/x402-protocol.md: GET /open/ai/x402/card/create → HTTP 402 with an "accepts" array including amountRequired and payToAddress), and the agent must read and act on that untrusted server response (exact USDT amounts, payToAddress, resource) to perform wallet payments and signatures, so third-party content can materially influence actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a crypto payment/card management tool: it creates one-time virtual Visa/Mastercard funded with USDT on BSC, performs on-chain approve and ERC20 transfers, uses EIP-712 signatures, and initiates WalletConnect flows to transfer USDT and BNB (topup, gas, withdraw). These are specific cryptocurrency wallet/transfer and signing operations (not generic browser or HTTP callers) whose primary purpose is moving funds. Therefore it grants direct financial execution capability.