inflow-payments

Warn

Audited by Snyk on Apr 30, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the frontend to load and run the remote SDK at runtime via , which executes external JavaScript required for the FULL display flow (i.e., remote code fetched at runtime and relied on by the integration).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly and specifically designed to execute stablecoin payments and manage crypto payment flows. It exposes endpoints and actions that move money or enable programmatic control over funds: creating payment requests (POST /v1/requests/payment), policy creation and attachment for 0-click/headless auto-approval (POST /v1/policies, POST /v1/requests/policy), agentic programmatic user creation that returns a private API key (POST /v1/users/agentic), and wallet/address management (GET/POST /v1/deposit-addresses, /v1/withdrawal-addresses) plus transaction/webhook handling for settlement. These are not generic tools—the API is a payment gateway for stablecoins and includes mechanisms to initiate, approve, and confirm on-chain settlements and to provision programmatic credentials for autonomous agents. Under the provided Decision Logic, this is a direct financial execution capability.

Issues (2)

W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).

W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 08:44 AM
Issues: 2