agent-payment-x402

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — SKILL.md explicitly instructs the agent/developer to "fetch the latest language-specific guide before generating code" and lists raw.githubusercontent.com and okx/onchainos-skills repository URLs (public third‑party docs) which the agent is expected to read and use to produce code and payment flows, allowing external content to materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The MCP configuration invokes "npx agentwallet-sdk@6.0.0" at runtime, which downloads and executes remote package code (see https://www.npmjs.com/package/agentwallet-sdk), so this external dependency runs code and is required for the skill.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is explicitly a payment execution integration. It defines a payment protocol (x402), non-custodial wallets, signing transactions, and enumerates agent-callable payment tools (e.g., send_payment, get_balance, list_transactions, check_spending). It also instructs use of agentwallet-sdk and OKX Payments / OKX Agent Payments Protocol (blockchain/settlement SDKs). These are specific, purpose-built financial APIs and wallet integrations intended to move funds (including signing and sending payments), not generic tooling. Therefore it grants Direct Financial Execution capability.