x402
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs the agent to fetch and inspect arbitrary third‑party endpoints (e.g., "npx awal@2.8.2 x402 details " and "x402 pay "), reading remote payment/input/output schemas and then acting (including automatic payments), which means untrusted web content can influence tool behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is explicitly designed to discover and call paid API endpoints using the X402 payment protocol and to make automatic payments in USDC on blockchain networks (e.g., Base, Polygon, Solana). It includes a concrete "pay" command that "Call[s] the endpoint with automatic USDC payment", network/payment options, --max-amount controls, and prerequisites that require authentication and sufficient USDC balance. This is a specific crypto payment execution capability (on-chain USDC transfers/wallet usage), not a generic tool, so it grants direct financial execution authority.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W009
MEDIUM Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata