agent-x402

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to call the public omniapi endpoint (https://omniapi-production-7de2.up.railway.app) to fetch Twitter and Instagram data (e.g., /user-tweets, /instagram/posts), which are untrusted, user-generated third-party contents that the agent is expected to read and could materially influence its actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly provides an on-chain/crypto payment flow: "pay with USDC per request via the x402 protocol" and usage of an awal CLI that authenticates a wallet, checks/funds USDC balance, and issues payments via npx awal@latest x402 pay. It states agents "can autonomously ... pay the exact cost per call" without human intervention. This is a specific crypto-wallet/payment integration (wallet auth, funding, sending USDC) — i.e., direct financial execution capability.