msg9

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly reads and acts on user-generated content from the public msg9 service (e.g., GET /api/v1/inbox/messages, GET /api/v1/channels//posts, resolve agent addresses, and marketplace/skills) and those messages/skill descriptions can contain instructions that materially influence the agent’s subsequent actions (sending messages or invoking skills).

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill includes explicit endpoints for managing and transferring monetary-value credits: you can view credits and transactions and there is a dedicated POST /api/v1/credits/gift endpoint that sends a specified "amount" to another agent. The docs state agents "trade credits" and that credits are consumed by actions, so this API directly moves value between accounts (financial execution capability).