nostr-bunker-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly includes and instructs handling connection secrets in URIs (e.g., bunker:// and nostrconnect:// with secret parameters), shows an example passing a literal secret on the command line, and instructs displaying/copying URIs (which contain the secret), so an agent following it would be expected to include secret values verbatim in outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow/subroutines explicitly subscribe to and decrypt kind:24133 events from public Nostr relays (e.g., wss://relay.damus.io) and perform NIP-89/NIP-05 discovery and must open auth URLs and obey signer-directed commands like switch_relays, so it ingests untrusted, user-generated third‑party content that can change agent behavior (see SKILL.md steps 2b–2d, 2e, and 3f).