privy-integration

Warn

Audited by Snyk on May 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required workflows show the agent/client fetching and interpreting untrusted public endpoints (e.g., GET /.well-known/agent-configuration and other MCP discovery flows in references/agent-auth.md and MCP Authorization, wrapFetchWithPayment/useX402Fetch and mppx.fetch examples in SKILL.md/references/agent-payments.md, and the OpenAPI adapter that auto-derives capabilities from arbitrary OpenAPI specs), so third‑party web content can directly influence capability discovery and runtime actions.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill explicitly provides cryptocurrency and payment execution interfaces: React hooks and server SDK methods to send transactions (e.g., useSendTransaction, useSendTransaction hook example), x402 payment flows (wrapFetchWithPayment, createX402Client) that settle in USDC, MPP integration via mppx/tempo for machine payments, and direct agentic wallet transaction execution (privy.wallets().ethereum().sendTransaction). It also documents smart wallets (ERC-4337), embedded wallets, Tempo chain support, and policy-controlled agent wallets. These are specific APIs for creating/signing/sending on-chain payments and machine payment settlements, so the skill is designed to move money directly.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 16, 2026, 05:45 PM
Issues
2
Security Audit — snyk — privy-integration