pay-for-service
Warn
Audited by Snyk on Apr 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly calls arbitrary x402-enabled HTTPS endpoints using "npx agnic@latest x402 pay " (see "Command Syntax" and "Workflow") and returns/outputs the third‑party JSON response that the agent is expected to read and could influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill requires running "npx agnic@latest", which at runtime fetches and executes remote code from the npm registry (e.g. https://registry.npmjs.org/agnic), making it a required external dependency that executes remote code.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). This skill is explicitly designed to execute on-chain payments: it invokes "npx agnic... x402 pay" to make automatic USDC payments on Base, requires wallet authentication, checks balances, accepts a --max-amount in USDC atomic units, and describes handling of insufficient balance and payment errors. It directly integrates a crypto/payment flow (USDC wallet operations / x402 payment protocol), so its primary and explicit purpose is moving money.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).