keeperhub-wallet

Status: Warn

Audited by Snyk on Apr 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly auto-processes external "HTTP 402" x402/MPP payment challenges from other services and reads the payment-challenge fields from tool payloads (see SKILL.md description and the "Safety" section describing the PreToolUse hook), meaning it ingests untrusted third-party responses that can influence signing decisions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly a crypto wallet integration that can sign and submit payments: it provisions an agentic wallet, funds it (Coinbase onramp and Tempo deposit address), reports balances, and — most importantly — auto-pays HTTP 402 responses by signing transactions on Base USDC and Tempo USDC.e via a server-proxied Turnkey wallet. It describes signing operations, a PreToolUse hook that gates signing but does not remove the ability to sign/send, and stores wallet credentials (hmacSecret/walletAddress) while private keys remain in the Turnkey enclave. These are concrete blockchain payment/signing capabilities (crypto wallets & signing), not generic tooling, so this grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 06:13 PM
Issues: 2