moonpay-scout
Warn
Audited by Snyk on Mar 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to scan and pull trending markets, prices, liquidity, and price history from the public prediction market platforms Polymarket and Kalshi (Step 1, Step 2, and "Pull price history"). Both are sources of untrusted, user-generated web content that the agent must interpret to decide on and execute trades.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly performs and can execute on-market trades. It includes direct trading commands (mp prediction-market position buy ...) that place Polymarket orders, requires an authenticated MoonPay CLI and a funded wallet, and states the MoonPay wallet will sign and submit USDC.e transactions on Polygon. Those are specific crypto/market-order capabilities (placing buys, using wallet signing), not generic tooling, so it grants direct financial execution authority.
Issues (2)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).