lunarcrush
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The
score(andoracle) runtime path calls the public LunarCrush x402 worker (createApiClient(...).request→GET /galaxy-score/{symbol}or/oracle/{symbol}), and the worker’s JSON response (including any free-text fields likereasoning/vibe) is ingested into the agent context via the skill’s stdout JSON—this is outsider-authored content from a third-party service.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain payments using the x402 protocol on the Stacks network: calls cost microSTX, responses include a payment_receipt with payer/transaction/network, a recipient wallet address is provided, and the skill "reads your wallet via the shared getAccount() helper (env mnemonic or unlocked wallet skill)" with "x402 payment handled automatically by createApiClient." These are specific crypto payment/signing actions (sending STX) rather than generic API access, so it grants direct financial execution capability.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata