mpp-session-flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Before writing code" section explicitly instructs the agent to fetch live docs from public sites (e.g., https://www.npmjs.com/package/mppx, https://paymentauth.org/) and to web-search for implementation patterns, so the agent will ingest open, potentially untrusted third-party content that can influence implementation and actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill is specifically designed for payment flows: it implements session-based streaming micropayments and payment channels, references authorizing a spending cap, creating payment channels, deducting micropayments per request, refilling caps, closing sessions, and final on-chain settlement. It even cites an SDK (mppx) and shows middleware that enforces/deducts from a spending cap. These are explicit financial execution operations (crypto/payment-channel signing, locking funds, and settling transactions), not generic tooling.