insforge-integrations
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill performs runtime calls to external, public third-party services (e.g., OKX Web3 API via lib/okx-facilitator.ts and references/okx-x402.md which POST to https://web3.okx.com/api/v6/x402/verify and /settle, and reads on-chain data from public RPCs in scripts/check-usdg.mjs), and it directly uses those responses to decide settlement, record payments, and generate paid content—thus ingesting untrusted third-party content that can materially change behavior.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly documents integration with a payment facilitator (OKX x402) for onchain pay-per-use billing using USDG on X Layer. It requires signing an EIP-3009/EIP-712 authorization, forwarding the signed payload to the facilitator's /verify and /settle endpoints, and notes that settlement moves money onchain (including guidance about handling DB inserts after settlement and uniqueness of tx_hash). These are specific crypto/payment APIs and onchain settlement flows — not generic tooling — so the skill grants direct financial execution capability.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).
Audit Metadata