Missing User Warnings
Medium
- Confidence: 97%
- Finding: The skill instructs the agent to make an x402-authenticated request using the user's EVM private key and states that payment authorization is handled automatically, but it does not present this as a prominent risk warning before use. This can cause users or downstream agents to trigger paid requests without clearly understanding that wallet-backed funds may be spent automatically, increasing the chance of unintended charges.
