mdapi-conversion
Fail
Audited by Snyk on Jun 26, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). This skill repeatedly instructs embedding tokens, memos, and payment signatures directly into headers, query parameters, and curl/JSON examples (e.g., Authorization: Bearer TOKEN, ?token=TOKEN&memo=MEMO), which requires the LLM to handle and output secret values verbatim and thus poses a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill’s runtime path can fetch and convert public webpage content when the operating user supplies a
url(viaGET /?url=...orPOST /withurl), and that fetched outsider-authored page text is ingested into the LLM context as returned Markdown/prompt output.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly defines payment and token activation flows that instruct clients/agents to perform real payments. It requires sending USDC on Solana to a wallet with a memo for token activation, exposes X-Wallet-Address and X-QR-Payment headers for manual payment, and defines an autonomous payment flow with PAYMENT-REQUIRED (base64 payment payload), PAYMENT-SIGNATURE for signed payment retries, and PAYMENT-RESPONSE including transaction hash. These are specific crypto/blockchain payment operations (wallet addresses, on-chain USDC transfer, signing/payment payloads) — not generic API/click actions — and therefore grant direct financial execution capability.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata