lunarcrush

Warn

Audited by Snyk on Jun 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.75). The score (and oracle) runtime path calls the public LunarCrush x402 worker (createApiClient(...).requestGET /galaxy-score/{symbol} or /oracle/{symbol}), and the worker’s JSON response (including any free-text fields like reasoning/vibe) is ingested into the agent context via the skill’s stdout JSON—this is outsider-authored content from a third-party service.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly performs on-chain payments using the x402 protocol on the Stacks network: calls cost microSTX, responses include a payment_receipt with payer/transaction/network, a recipient wallet address is provided, and the skill "reads your wallet via the shared getAccount() helper (env mnemonic or unlocked wallet skill)" with "x402 payment handled automatically by createApiClient." These are specific crypto payment/signing actions (sending STX) rather than generic API access, so it grants direct financial execution capability.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 07:01 PM
Issues
2
Security Audit — snyk — lunarcrush