nostr-zap-integration

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses untrusted public endpoints, for example LNURL discovery via https:///.well-known/lnurlp/, calling the LNURL callback URL to obtain invoices, and querying/pulling kind:10019 events and mint URLs. The JSON responses (allowsNostr, nostrPubkey, callback, mint lists, the description JSON in receipts) are parsed and used to decide actions (constructing and sending zap requests, selecting mints, validating receipts), so third-party content can directly influence tool behavior.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill is explicitly about payment integration: it implements Lightning Zaps (NIP-57) and Nutzaps/Cashu (NIP-61). It details LNURL-pay flows, discovering LNURL endpoints, constructing zap requests, obtaining bolt11 invoices and instructing to pay them via a Lightning wallet, and minting/swapping P2PK-locked Cashu tokens at specified mint endpoints. These are specific crypto payment operations (invoice retrieval/payment, token minting/redemption, mint endpoints), not generic tooling, and therefore constitute direct financial execution capability.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 11:10 PM