nipper

Warn

Audited by Snyk on Apr 2, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill requires the agent to fetch and inspect developer-provided, public marketplace content (GET /v1/marketplace/search and GET /v1/marketplace/apps/{handle}/{app_name}) as mandatory workflow steps, so untrusted third-party app descriptions/examples/schemas can materially influence which capabilities the agent calls.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The documentation explicitly defines and documents on-chain payment capabilities: a Machine Payments Protocol flow using Tempo and USDC, a required on-chain "tempo.charge" transfer, SDK helpers (createPaymentClient, payment parsing/credential creation), step-by-step approve-and-pay instructions, contract ABIs (approve, pay), and examples using wallet private keys and viem to sign/send transactions. It also instructs agents to generate and persist wallets, use private keys, and construct/submit payment credentials and transaction hashes. These are specific crypto/financial execution operations (wallet management, signing transactions, token approve/pay flows), not generic API or browser automation. Therefore this skill grants direct financial execution authority.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 2, 2026, 09:25 AM
  • Issues: 2