crypto-bd-agent

Warn

Audited by Snyk on Apr 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires fetching and ingesting open/public third-party sources — e.g., DEX aggregators (DexScreener), web scraping ("Firecrawl or similar"), social/forum signals and trending trackers — as part of the Intelligence Gathering and Token Scoring workflows, and those untrusted, user-generated inputs directly affect scoring and outreach decisions, creating a clear vector for indirect prompt injection.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly describes autonomous on-chain actions and payment workflows: it references "autonomous payment workflows (x402)", "x402 micropayments (~$0.10/call)", "x402 payments ONLY through verified endpoints", dual-chain ERC-8004 on-chain registration, and use of separate wallets for payments/on-chain posts. Those items are specific to crypto financial operations (micropayment API/endpoint usage and on-chain registration requiring transactions/signing). This is not merely a generic browser or HTTP tool — it is purpose-built for moving value on-chain and making micropayments. Therefore it grants Direct Financial Execution Authority.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 10:47 PM
Issues: 2