privy-integration
Warn
Audited by Snyk on May 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflows show the agent/client fetching and interpreting untrusted public endpoints (e.g., GET /.well-known/agent-configuration and other MCP discovery flows in references/agent-auth.md and MCP Authorization, wrapFetchWithPayment/useX402Fetch and mppx.fetch examples in SKILL.md/references/agent-payments.md, and the OpenAPI adapter that auto-derives capabilities from arbitrary OpenAPI specs), so third‑party web content can directly influence capability discovery and runtime actions.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly provides cryptocurrency and payment execution interfaces: React hooks and server SDK methods to send transactions (e.g., useSendTransaction, useSendTransaction hook example), x402 payment flows (wrapFetchWithPayment, createX402Client) that settle in USDC, MPP integration via mppx/tempo for machine payments, and direct agentic wallet transaction execution (privy.wallets().ethereum().sendTransaction). It also documents smart wallets (ERC-4337), embedded wallets, Tempo chain support, and policy-controlled agent wallets. These are specific APIs for creating/signing/sending on-chain payments and machine payment settlements, so the skill is designed to move money directly.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata