nostr-nip-advisor
Warn
Audited by Snyk on Mar 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly instructs the agent to fetch and interpret live, public Nostr/MCP resources (e.g., "Use the Nostr MCP tools (read_nip, read_kind, read_tag)" in Workflow step 4) and protocol flows that fetch untrusted third-party endpoints and profiles (e.g., fetching a recipient's lnurl from lud16 in kind:0 profiles, kind:10019 mint info, and the NIP-11 relay info document), so the agent will ingest and act on arbitrary public/web-hosted user-generated content that can materially change actions (e.g., sending zap requests or choosing NIP behaviors).
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill explicitly describes payment-specific flows and primitives: LNURL and Bolt11 invoices for "zaps" (including steps to fetch lnurl pay endpoints, create zap requests, receive a bolt11 invoice and "pay it"), and Cashu mint/swap flows for "nutzaps" (mint/swap Cashu tokens P2PK-locked to a recipient). These are explicit, purpose-built payment/crypto operations (sending payments, minting/swapping tokens), not generic API or browser actions, so it grants direct financial execution capability.