insforge-integrations

Status: Warn

Audited by Snyk on May 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill performs runtime calls to external, public third-party services (e.g., OKX Web3 API via lib/okx-facilitator.ts and references/okx-x402.md which POST to https://web3.okx.com/api/v6/x402/verify and /settle, and reads on-chain data from public RPCs in scripts/check-usdg.mjs), and it directly uses those responses to decide settlement, record payments, and generate paid content—thus ingesting untrusted third-party content that can materially change behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly documents integration with a payment facilitator (OKX x402) for on-chain pay-per-use billing using USDG on X Layer. It requires signing an EIP-3009/EIP-712 authorization, forwarding the signed payload to the facilitator's /verify and /settle endpoints, and notes that settlement moves money on-chain (including guidance about handling DB inserts after settlement and uniqueness of tx_hash). These are specific crypto/payment APIs and on-chain settlement flows — not generic tooling — so the skill grants direct financial execution capability.


Audit Metadata

Risk Level: MEDIUM
Analyzed: May 15, 2026, 06:20 AM
Issues: 2